I have used OpenLDAP for several years, but recently been testing Heimdal Krb5 with LDAP backend.
Here is a senario of what I would like to accomplish.
Server system are primarily RedHat Linux and Solaris 10.
User logs in to server system with his/her krb account, su to a non-priveleged user does some work gets out.
What I want to do is limit user access to particular groups of servers based on a users group affiliation. Example, 6 people belong to group xyz that have access to 10 servers and no others.
Have any ideas on this?