Is there a field in krb5.conf where you can do the reverse of
auth_to_local?
One that provides a mapping of local user IDs to Kerberos principals before
authentication?


Reason I ask is:

Primarily I have seen that technologies like Kerberos are used in an
environment where the images, in this case multiple Linux images, are
considered as commodity compute resources and it did not matter what
machine you authenticated with.  I could log in to any one of the images as
'jin' and I would have the same authority.  

However, in our environment one person having access to a web server
shouldn't have the same access to another machine in the same Realm. The
reason I want to attach the hostname as the Kerberos instance is that I'd
like to specify in Kerberos which machines this user has access to.

This way of defining user name space could be used to segregate root (or
any other system management ID) on the various images while allowing the
general population to access resources as needed.


Thanks, Jin



________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
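
An added illustration, not part of the original post: the per-host instance scheme described above, written with the existing forward mapping (auth_to_local) on one machine. It does not show a reverse, local-user-to-principal mapping. The hostname web01.example.com and the realm EXAMPLE.COM are assumed placeholders.

```ini
# /etc/krb5.conf on the host web01.example.com
# (hostname and realm are placeholders assumed for this example)

[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
# [2:$1;$2] selects two-component principals in the default realm and
# builds the string "primary;instance", for example
#   jin/web01.example.com@EXAMPLE.COM  ->  jin;web01.example.com
# The regexp in parentheses accepts that string only when the instance
# is this machine's name; the sed expression then strips ";instance",
# leaving the local account name "jin".
        auth_to_local = RULE:[2:$1;$2](^.*;web01\.example\.com$)s/;.*$//
# Deliberately no "auth_to_local = DEFAULT" line: jin@EXAMPLE.COM and
# jin/db01.example.com@EXAMPLE.COM match no rule here, so krb5.conf
# gives them no local account name on this host.
    }
```

A ~/.k5login file in an account's home directory takes precedence over this mapping for that account, so it has to be managed alongside the rule.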
