Has anybody tried to centralise the .k5login by storing this information in LDAP?

Thanks
Markus

"Jeffrey Hutzelman" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
>
> On Friday, April 01, 2005 11:33:08 PM -0800 Darren Hoch
> <[EMAIL PROTECTED]> wrote:
>
>> Hello All,
>>
>> Thanks Jeffrey. I deleted the old krbtgt principals and added the
>> following on each host:
>>
>> krbtgt/[EMAIL PROTECTED]
>> krbtgt/[EMAIL PROTECTED]
>>
>> I am almost there. When user darren now tries to telnet (kerberized) from
>> a host in realm EXAMPLE.COM to a host in EXAMPLE1.COM, the credentials
>> and encryption are accepted, however, I am still prompted for a password
>> for the user darren in realm EXAMPLE1.COM. Should I be prompted, or should
>> I be able to do single sign on?
>
> It sounds like now you are successfully authenticating to the telnet
> server, and the authorization check is failing. This is not surprising,
> since the default policy only allows you to log in as user 'foo' if you
> are authenticated as the principal '[EMAIL PROTECTED]'. You can override
> the local policy for a given user by giving that user a .k5login file
> listing the principals who are allowed to log in as him. For example, you
> could give 'darren' a .k5login file containing the following two lines:
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
> Sr. Research Systems Programmer
> School of Computer Science - Research Computing Facility
> Carnegie Mellon University - Pittsburgh, PA
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
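
Added example, not part of the original thread and not MIT krb5 code: a simplified Python model of the authorization check discussed above, showing why the cross-realm login falls back to a password prompt and how a .k5login changes the decision. The principal names, function names and file contents are constructed for illustration, and the model assumes the MIT behaviour that an existing .k5login replaces the default policy rather than adding to it.

```python
# Simplified model of the login authorization decision; constructed sample data.

def default_localname(principal, default_realm):
    """Default policy: 'name@DEFAULT_REALM' maps to 'name'; anything else to nothing."""
    name, sep, realm = principal.rpartition("@")
    if not sep or realm != default_realm or "/" in name:
        return None
    return name

def parse_k5login(text):
    """One principal per line; blank lines are ignored."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def may_login(principal, local_user, default_realm, k5login_text=None):
    """k5login_text is None when the account has no .k5login file."""
    if k5login_text is None:
        return default_localname(principal, default_realm) == local_user
    # Assumption: once the file exists, only the principals listed in it pass.
    return principal in parse_k5login(k5login_text)

def foreign_entries(k5login_text, default_realm):
    """Audit helper: entries that grant access to principals of other realms."""
    return [p for p in parse_k5login(k5login_text)
            if p.rpartition("@")[2] != default_realm]

HOST_REALM = "EXAMPLE1.COM"                          # realm of the telnet server
BOTH = "darren@EXAMPLE.COM\ndarren@EXAMPLE1.COM\n"   # constructed .k5login
ONLY_REMOTE = "darren@EXAMPLE.COM\n"                 # constructed .k5login

if __name__ == "__main__":
    cases = [
        ("no .k5login, remote principal", "darren@EXAMPLE.COM", None),
        ("no .k5login, local principal", "darren@EXAMPLE1.COM", None),
        ("both listed, remote principal", "darren@EXAMPLE.COM", BOTH),
        ("remote only, local principal", "darren@EXAMPLE1.COM", ONLY_REMOTE),
    ]
    for label, princ, k5 in cases:
        print(f"{label:32} -> {may_login(princ, 'darren', HOST_REALM, k5)}")
    print("foreign entries:", foreign_entries(BOTH, HOST_REALM))
```

The last case is the one to watch when .k5login contents are generated from a central store: a file that lists only the remote principal locks out the account's own local principal.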