Quoth [EMAIL PROTECTED] ("Rechenberg, Andrew"):
| Looking at the code, it looks like if I don't have a .k5login
| I should be allowed access, but the authorization is failing.
| Is this a correct assumption?
Not completely correct, or you wouldn't have a problem, but yes,
that's how it works for everyone else. There are basically two
ways to decide authorization:
1. You don't have a .k5login. Rules are used to decide whether
your prinicipal ought to be authorized for the present account.
Those rules can be anything in theory, but in practice they're
like "[EMAIL PROTECTED] is authorized for account 'myname'".
2. You do have a .k5login - use it instead.
That's why Mark Eichin speculated that your host doesn't know its
local realm. Something's going wrong in (1), if you can make it
work by using your own principal in (2). If I were in your shoes,
I would get the source and build it, and find out what it's doing
in lib/krb5/os/kuserok.c. (Or find out that the source you build
works, where the stuff you're now using doesn't.)
Donn Cave, [EMAIL PROTECTED]
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
