[EMAIL PROTECTED] (Nod) writes: Hello,
>>To elaborate just a bit: Kerberos allows the server to believe that it is >>talking to a particular Kerberos principal, which is a point in a >>namespace entirely separate from the account space the host itself. The >>decision of what, if any, local resources to allow this principal access >>to is a separate matter. With SSH, you are asking for access to a >>resource (account) that doesn't exist. It doesn't matter who you're >>authenticated as; there's nothing to give you. > > Well, this makes a lot more sense now. Would you happen to know where > I could find a good guide for integrating LDAP with ssh? I've been > over a bunch of them, and just keep getting more confused by LDAP the > more I read. you don't have to use LDAP for the accounts service; you can authenticate via Kerberos and then use the /etc/passwd Regards, Sebastian ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos