Kerberos-Gssapi-ldap-pam interaction

John Morris john at butchwax.com
Wed Jun 18 20:02:41 EDT 2003


I'm using it for account management.  The 'groupdn' feature is a nice
way to set a per host ACL for who's allowed login.  Otherwise, between
nss_ldap and pam_krb5, it's not needed.

        John


Balazs GAL <balsa at rit.bme.hu> writes:

> 2003-05-14, sze keltezéssel Jerome Walter ezt írta:
> 
> > The first step i am trying to reach is to get this working :
> > 	auth -> Kerberos
> > 	account -> LDAP
> > 	password -> Kerberos
> 
> I dont understand why you use pam_ldap?
> 
> I think pam_krb5.sf.net for authentication and nss_ldap for
> authorization are a good pair for most unix domains.
> 
> balsa
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 
John Morris
+1-512-833-6004



More information about the Kerberos mailing list