On 5/31/2022 12:43 PM, Jeffrey Hutzelman wrote:
On Tue, May 31, 2022 at 3:36 PM Carson Gaspar <[email protected]> wrote: I agree about the sshd config options, but looking at the source code for Russ's pam_krb5, I don't think it will work as-is without changing the username provided by the client (see my previous post). It will. You want something like alt_auth_map=%s/ssh@REALM only_alt_auth=true
Ah - I missed that as it takes a different code path that bypasses the normal user name mapping. Thanks for the correction!
-- Carson ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
