Quoth [EMAIL PROTECTED] ("Rechenberg, Andrew"): | Looking at the code, it looks like if I don't have a .k5login | I should be allowed access, but the authorization is failing. | Is this a correct assumption?
Not completely correct, or you wouldn't have a problem, but yes, that's how it works for everyone else. There are basically two ways to decide authorization: 1. You don't have a .k5login. Rules are used to decide whether your prinicipal ought to be authorized for the present account. Those rules can be anything in theory, but in practice they're like "[EMAIL PROTECTED] is authorized for account 'myname'". 2. You do have a .k5login - use it instead. That's why Mark Eichin speculated that your host doesn't know its local realm. Something's going wrong in (1), if you can make it work by using your own principal in (2). If I were in your shoes, I would get the source and build it, and find out what it's doing in lib/krb5/os/kuserok.c. (Or find out that the source you build works, where the stuff you're now using doesn't.) Donn Cave, [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos