On Mon, May 29, 2006 at 11:41:32PM +0100, Simon Wilkinson wrote: > Steven Van Acker wrote: > > I'm trying to get cross-realm authentication to work between A.COM and > > B.NET for openssh. > > the KDC from A.COM has a principal [EMAIL PROTECTED] > > the KDC from B.NET has the principal host/[EMAIL PROTECTED] > > There's also a principal krbtgt/[EMAIL PROTECTED] on both KDC's. > > Is [EMAIL PROTECTED] authorized to access <user>'s account on the ssh server? > If the server's default realm is B.NET, the standard configuration will > only allow [EMAIL PROTECTED] to access that account. > > You need to investigate the documentation for ~/.k5login, or whatever > other mechanisms your Kerberos library provides for authorizing > cross-realm principals. > > Simon.
Hello, thx for replying so fast. The problem was indeed the default_realm. I changed it 2 seconds after I sent my mail, to see if that was causing the problem, and it worked. So my cry for help was a bit premature :) Thanks for the help! kind regards, -- Steven
