> RedHat's FreeIPA may provide some similar functionality, but I'm not familiar > with it. Ditto Samba.
If I'm not mistaken, FreeIPA 4.1+ should have the ability to overwrite or add user attributes locally (including "username", uidNumber, group membership). However, it can only do trusts with AD. The big advantage to overriding attributes locally is that it paves the way for trusts with plain Kerberos realms which aren't exporting any user attributes. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
