Linux Client fails logon on Solaris server
Gruber Johannes (IFAT IT OS CS External)
Gruber.External at infineon.com
Mon Aug 2 03:37:08 EDT 2004
> Firstly, have you created a valid kerberos principal
> in the Solaris 9 KDC database for the ldap user in question ?
The user has the following DN:
uid=bob,ou=people,ou=sale,ou=examplecity,dc=example,dc=com and the principal
is bob/sale.examplecity.example.com.
The mapping looks like
dsmatching-pattern: ${Principal}
dsmatching-regexp: (.*)/(.*).(.*).example.com@REALM
dsmappeddn: uid=$1,ou=people,ou=$2,ou=$3,dc=example,dc=com
>
> And for pam-kerberos to work correctly, you would need to setup
> pam.conf correctly for the required service (which in this case
> is login, I presume) on the client.
I did that too. The lines for authentication look like
(...)
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_krb5.so use_first_pass
(...)
I'm not sure if the thing with the host principal worked well. Do I always
need a principal for the host and what's the easiest way to create a
principal for a Linux box on a Solaris KDC?
Thanks for answers,
Johannes
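
An added example, not part of the original post: it applies the posted dsmatching-regexp and dsmappeddn to the posted principal and compares the result with the user's DN, next to a hypothetical stricter pattern with escaped dots. Assumptions: Python's `re` stands in for the directory server's regex engine, `@` is the realm separator, and `map_principal`, `has_empty_rdn` and `STRICT_REGEXP` are names made up for this illustration.

```python
import re

# Values taken from the post; '@' as the realm separator is an assumption
# (the list archive rewrites '@' as ' at ').
POSTED_REGEXP = r"(.*)/(.*).(.*).example.com@REALM"
MAPPED_DN = "uid=$1,ou=people,ou=$2,ou=$3,dc=example,dc=com"
PRINCIPAL = "bob/sale.examplecity.example.com@REALM"
EXPECTED_DN = "uid=bob,ou=people,ou=sale,ou=examplecity,dc=example,dc=com"

# Hypothetical stricter variant: literal dots escaped, and each component
# limited to characters that cannot span a '/', '.' or '@' boundary.
STRICT_REGEXP = r"([^/@]+)/([^./@]+)\.([^./@]+)\.example\.com@REALM"


def map_principal(regexp, template, principal):
    """Return the DN built from template, or None if the principal does not match.

    Models dsmatching-regexp / dsmappeddn with Python's `re` (greedy,
    backtracking); the directory server's own regex engine may differ.
    """
    m = re.fullmatch(regexp, principal)
    if m is None:
        return None
    # Replace $1..$9 in the template with the corresponding capture group.
    return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))), template)


def has_empty_rdn(dn):
    """True if any RDN in the DN has an empty value (for example 'ou=')."""
    return any(rdn.split("=", 1)[1] == "" for rdn in dn.split(","))


if __name__ == "__main__":
    for label, rx in (("posted", POSTED_REGEXP), ("strict", STRICT_REGEXP)):
        dn = map_principal(rx, MAPPED_DN, PRINCIPAL)
        print(f"{label:7} -> {dn}  matches_user_dn={dn == EXPECTED_DN}")
```

Under these assumptions the unescaped dots let the greedy second group swallow most of the host part, so the mapped DN no longer equals the user's entry; testing the mapping against the real server with a directory search for the resulting DN is the way to confirm.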