> Did you add the line: > myu...@example.com > to the .k5login file for myuser on ssh-serv.etud.example.com? > > The assumption is foreign principals are not allowed to login by > default. i.e. a local user in one realm is not the same as a local > user in another realm. > > Also see the auth_to_local options in the krb5.conf file. >
I didn't and that fixed my problems. I also added the auth_to_local option in the krb5.conf so I don't have to manually add a lot of .k5login files in /home directories. My [realms] section now is like this as I only want one way cros-realm authentication : [realms] ETUD.EXAMPLE.COM = { [...] default_domain = etud.example.com auth_to_local = RULE:[1:$1@$0](.*@EXAMPLE\.COM)s/@.*// auth_to_local = DEFAULT } DAUPHINE.FR = { [...] default_domain = example.com } Thanks, Jean-Christophe ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos