Kerberos-Gssapi-ldap-pam interaction

Jerome Walter walter+SP at M.efrei.fr
Wed May 14 05:52:38 EDT 2003


Hi,

As the subject tells, there is more than one technology involved in my
problem, so feel free to FU2 or Xpost to any other group.

As part of the project i dealed about a few days ago, i managed to get things
quite working on the linux boxes. Kerberos server works pretty well, Ldap too
with gssapi authentication.

But here come my problem, i am experiencing problems when i try to tune the
pam config files to get all the accounting process working.

My login file allows me to authenticate against KDC and to get a tgt. Well, i
assume that what is needed.

But, trying to get accounting info in the LDAP server is quite more
complicated. I tried different configurations with nss, pam_ldap and pam.d
config files but did not manage to get the account required pam_ldap.so
working:
Insufficient credentials to access authentiation data

Is there someone who have ever installed such a config ? could you give me
advices about how to configure things up ?

The first step i am trying to reach is to get this working :
	auth -> Kerberos
	account -> LDAP
	password -> Kerberos

In a near future i sould try OpenAFS, is there something special i sould not
do ?


Finally, is there something special to do to make sudo and ssh not requiring
entering the password again ? try_first_pass does not seem to work...


Mmmh, did i say i am under GNU/Debian woody ?


TIA,

Jerome

-- 
-+--   Jerome Walter - 	I2 EFREI		          ----+-
 Equipe Système - Efrei Robotique - Jap'Efrei - Erasmus Tutors
 "The World is my country" - "Nihon no tomodachi desu"
EFREI System and Networking guide http://perso.efrei.fr/~walter/  


More information about the Kerberos mailing list