solaris pam_krb5.so.1

Matthew Mauzy matthew_mauzy at unc.edu
Thu Mar 27 17:23:17 EST 2003


I have an openLDAP server that I'm trying to set up using kerberos 5 for
authentication.  I have krb5 working (am able to kinit as krb5 principals)
and also have openLDAP working (accounts in the dir).  I have nsswitch on
both Solaris 8 and 9 systems set to get passwd/shadow info from the LDAP
and am able to see LDAP accounts on these systems with 'listusers' and
'getent passwd'.  What I can't do is log in to an account that isn't local
to the machine.  I've received info on the openldap list that seems to
indicate that I can't use pam_ldap (and I assume pam_unix) to log in to the
systems because the userPassword attribute isn't set as {crypt} (I have it
set for {KERBEROS}principal@REALM which works fine for redhat 8 systems
that are using LDAP/krb5 for account login info.)

So my question: how do you set up PAM on Solaris 8/9 systems to use LDAP for
account info, krb5 for passwords, and AFS for home dirs?

TIA,
--Matthew
__________________________________________________________________
                        Matthew W. Mauzy
                      Systems Administrator
                      Applied Math @ UNC-CH
email : mauzy at amath.unc.edu           pager : mpager at amath.unc.edu
 (W) 919.962.9819   www.amath.unc.edu/~mauzy/   (P) 919.347.0390
__________________________________________________________________

