auth_to_local_names - Kerberos

This is a discussion on auth_to_local_names - Kerberos ; I want Kerberos principal user1 to be able to log into user account user2 on a particular host. I specified auth_to_local_names { user1 = user2 } in the krb5.conf file on the host. When I kinit on another machine as ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: auth_to_local_names

  1. auth_to_local_names

    I want Kerberos principal user1 to be able to log into user account
    user2 on a particular host. I specified

    auth_to_local_names {
    user1 = user2
    }

    in the krb5.conf file on the host. When I kinit on another machine as
    user1 and ssh to the host, I get a password prompt. When I enter my
    password, I am logged in as user1. If I change the above lines to

    auth_to_local_names {
    xxxxx = user2
    }

    then the host logs me in as user1 without asking for a password.

    What am I missing? Also, I did my best to turn on logging (see my
    logging section below), but nothing gets logged when I try to
    connect. I'm completely new to this; what approach could I take to
    debugging this myself?

    Thanks,
    -David

    [logging]
    default = SYSLOGEBUG:AUTH
    default = SYSLOGEBUG:ERR
    default = SYSLOGEBUGAEMON
    default = SYSLOGEBUG:USER
    default = SYSLOGEBUG:KERN



  2. Re: auth_to_local_names

    grackle wrote:
    > I want Kerberos principal user1 to be able to log into user account
    > user2 on a particular host. I specified
    >
    > auth_to_local_names {
    > user1 = user2
    > }
    >
    > in the krb5.conf file on the host. When I kinit on another machine as
    > user1 and ssh to the host, I get a password prompt. When I enter my
    > password, I am logged in as user1. If I change the above lines to


    Are you telling ssh to log you in as user2 (-l user2)? The krb5.conf
    doesn't affect who you log in as, just whether Kerberos will
    authenticate you as that user.

    Also, does user2 have a .k5login? In my experience, a .k5login will override
    anything specified using auth_to_local.

    Matt Loar

  3. Re: auth_to_local_names

    On Feb 22, 6:29 pm, Matthew Loar wrote:
    > Are you telling ssh to log you in as user2 (-l user2)? The krb5.conf
    > doesn't affect who you log in as, just whether Kerberos will
    > authenticate you as that user.


    Thanks; this was the problem.

    -David

+ Reply to Thread