> Did you add the line:
> myu...@example.com
> to the .k5login file for myuser on ssh-serv.etud.example.com?
> 
> The assumption is foreign principals are not allowed to login by
> default. i.e. a local user in one realm is not the same as a local
> user in another realm.
> 
> Also see the auth_to_local options in the krb5.conf file.
> 

I didn't and that fixed my problems. I also added the auth_to_local
option in the krb5.conf so I don't have to manually add a lot
of .k5login files in /home directories. My [realms] section now is like
this as I only want one-way cross-realm authentication:

[realms]
        ETUD.EXAMPLE.COM = {
                [...]
                default_domain  = etud.example.com
                auth_to_local   = RULE:[1:$1@$0](.*@EXAMPLE\.COM)s/@.*//
                auth_to_local   = DEFAULT
        }
        DAUPHINE.FR = {
                [...]
                default_domain  = example.com
        }


Thanks,
Jean-Christophe
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
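
Added example, not part of the original message or of MIT Kerberos: a simplified Python model of how the two auth_to_local lines in the message are evaluated, showing which principals end up mapped to a local account. The default realm ETUD.EXAMPLE.COM, the sample principals and all function names are assumptions, and Python's re module stands in for POSIX regex matching.

```python
import re

# Simplified model of krb5.conf auth_to_local evaluation. Assumption: only the
# RULE:[n:fmt](regex)s/pat/repl/ and DEFAULT forms from the message are handled,
# and Python's re module stands in for the POSIX regex engine.
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\]\((.*)\)s/([^/]*)/([^/]*)/(g?)$")

RULES = [  # the two auth_to_local lines from the ETUD.EXAMPLE.COM realm block
    r"RULE:[1:$1@$0](.*@EXAMPLE\.COM)s/@.*//",
    "DEFAULT",
]
DEFAULT_REALM = "ETUD.EXAMPLE.COM"  # assumed default_realm of the SSH server

def apply_rule(rule, principal, default_realm):
    """Return the local name produced by one rule, or None if it does not apply."""
    name, _, realm = principal.rpartition("@")
    comps = name.split("/")
    if rule == "DEFAULT":
        # DEFAULT accepts only single-component principals of the default realm.
        return comps[0] if len(comps) == 1 and realm == default_realm else None
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule: " + rule)
    n, fmt, regex, pat, repl, g = m.groups()
    if len(comps) != int(n):          # [n:...] requires exactly n components
        return None
    fields = [realm] + comps          # $0 is the realm, $1..$n the components
    selected = re.sub(r"\$(\d)", lambda x: fields[int(x.group(1))], fmt)
    if not re.fullmatch(regex, selected):   # the regex must match the whole string
        return None
    return re.sub(pat, repl, selected, count=0 if g else 1)

def auth_to_local(principal, rules=RULES, default_realm=DEFAULT_REALM):
    """Try the rules in order; the first one that applies decides the mapping."""
    for rule in rules:
        local = apply_rule(rule, principal, default_realm)
        if local is not None:
            return local
    return None  # no rule applied: the principal has no local name

if __name__ == "__main__":
    for p in ["alice@EXAMPLE.COM", "alice@ETUD.EXAMPLE.COM",   # constructed samples
              "alice/admin@EXAMPLE.COM", "bob@OTHER.ORG"]:
        print(p, "->", auth_to_local(p))
```

Both alice@EXAMPLE.COM and alice@ETUD.EXAMPLE.COM resolve to the local account alice, so the rule relies on the two realms sharing one username namespace; multi-component principals such as alice/admin@EXAMPLE.COM get no mapping.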
