[prev in list] [next in list] [prev in thread] [next in thread]
List: pamldap
Subject: [pamldap] pam_ldap + krb5 auth
From: FM <dist-list () LEXUM ! UMontreal ! CA>
Date: 2004-12-13 21:49:36
Message-ID: 41BE0E70.8010600 () lexum ! umontreal ! ca
[Download RAW message or body]
I installed openldap 2.2.x with krb5 (SASL).
Now I am trying to set my station to authenticate my station
my system-auth look like this :
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_krb5.so use_first_pass debug
auth required pam_deny.so
account sufficient pam_unix.so
account required pam_deny.so
account [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/pam_krb5.so debug
account sufficient pam_ldap.so use_first_pass
password required pam_cracklib.so retry=3 minlen=2 dcredit=0
ucredit=0 ucredit=0
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_krb5.so debug
password required pam_deny.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so
session optional /lib/security/pam_krb5.so
I can connect but in the slapd log, it connect to ldap using BIND dn=""
and then it auth using sasl
If i try whoami for example the BIND dn is also = ""
So,
If I put
use_sasl on
pam_sasl_mech GSSAPI
in /etc/ldap.conf
now slapd log BIND dn authcid="user@realm"
so it seems ok, but now i cannpot use kdm to connect from my station
removing the new conf from ldap.conf solved my prob but I'm back with
the bin dn= ""
Do you have a system-auth + ldap.conf sample for krb5 + openldap ?
thanks !
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic