On 08/10/2015 09:47 PM, Michael Torrie wrote: > [1] In case anyone is curious, an easy way to do this is by making the > kerberos principals be something like "username/admin@DOMAIN", and > then telling the local admin account to allow logins from > */admin@DOMAIN. That way the local account needn't be modified when > other principals are created or deleted.
I tried using */admin@DOMAIN with .k5login to map admin users to a local admin account, but it turns out wildcards aren't supported in .k5login. How did you set it up with pam and nss to do the mapping? Grazie, ;-Daniel Fussell /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
