Central principal->user at host management?

Douglas E. Engert deengert at anl.gov
Tue Oct 2 02:22:57 EST 2007

Jos Backus wrote:
> [Apologies if this is an off-topic question; please direct me to a more
> appropriate place if so.]
> Using Kerberos/GSSAPIAuthentication, is there a way to centrally
> control/manage (perhaps using LDAP?) which user principals can log into what
> hosts/accounts?

In addition to the ~.k5login, sounds like what you would like would be a
krb5.conf  [realm] auth_to_local=LDAP:.... option. But I don't know
if one exists. (Would be nice if it did...)  There is a auth_to_local=DB:...
option that uses a local database.



  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the openssh-unix-dev mailing list