On Mon, May 29, 2006 at 11:41:32PM +0100, Simon Wilkinson wrote:
> Steven Van Acker wrote:
> > I'm trying to get cross-realm authentication to work between A.COM and
> > B.NET for openssh.
> > the KDC from A.COM has a principal user@A.COM.
> > the KDC from B.NET has the principal host/sshserver@B.NET
> > There's also a principal krbtgt/B.NET@A.COM on both KDC's.

>
> Is user@A.COM authorized to access 's account on the ssh server?
> If the server's default realm is B.NET, the standard configuration will
> only allow user@B.NET to access that account.
>
> You need to investigate the documentation for ~/.k5login, or whatever
> other mechanisms your Kerberos library provides for authorizing
> cross-realm principals.
>
> Simon.


Hello,

thx for replying so fast.
The problem was indeed the default_realm. I changed it 2 seconds after I
sent my mail, to see if that was causing the problem, and it worked.
So my cry for help was a bit premature

Thanks for the help!

kind regards,
-- Steven