[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cross-realm difficulties


I saw that aname_to_localname and krb5_kuserok use 
krb5_get_default_realms to
obtain an array of 'default realms'.
All examples of krb5.conf show only single default_realm = EXAMPLE.COM
.. or something like that.

Should one use 'default_realm = AAA BBB'  or two entries:
default_realm = AAA
default_realm = BBB

Or is there another way alltogether to do principal->local user maping with
principals from multiple kerberos realms?