Hello, Our environment is currently using 2 AD/realms. I am trying to set up a RHEL3 host to authenticate users from both realms. If the default_realm in /etc/krb5.conf is set to one realm, the users in the other realm cannot authenticate and vice versa. So there is no issue on any settings, they just seem unable to coexist.
The pam_krb5.so module in /etc/pam.d/system-auth is set to "sufficient". I have tried to add another entry: account sufficient /lib/security/$ISA/pam_krb5.so.0 account sufficient /lib/security/$ISA/pam_krb5.so.0\ realm=not.my.default But when I try to authenticate as a user from the non-default domain I get an error that the user cannot be found in the Kerberos database. Users from the default_realm are able to authenticate. It seems the stack stops at the first entry and returns a status OK to PAM when it is executed. The pam_krb5 module itself however does not attempt to try the other realm as defined in /etc/krb5.conf. There is a similar setup we have on Solaris hosts that does actually work. I am not quite sure whether this is a PAM or a pam_krb5 issue. Does anyone have any suggestions or ideas how to solve this? Thanks so far, Quinten ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos