Central principal->user at host management?
Douglas E. Engert
deengert at anl.gov
Tue Oct 2 02:22:57 EST 2007
Jos Backus wrote:
> [Apologies if this is an off-topic question; please direct me to a more
> appropriate place if so.]
>
> Using Kerberos/GSSAPIAuthentication, is there a way to centrally
> control/manage (perhaps using LDAP?) which user principals can log into what
> hosts/accounts?
In addition to the ~.k5login, sounds like what you would like would be a
krb5.conf [realm] auth_to_local=LDAP:.... option. But I don't know
if one exists. (Would be nice if it did...) There is a auth_to_local=DB:...
option that uses a local database.
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the openssh-unix-dev
mailing list