Linux Client fails logon on Solaris server

Gruber Johannes (IFAT IT OS CS External) Gruber.External at infineon.com
Mon Aug 2 03:37:08 EDT 2004


> Firstly, have you created a valid kerberos principal
> in the Solaris 9 KDC database for the ldap user in question ?

The user has the following DN:
uid=bob,ou=people,ou=sale,ou=examplecity,dc=example,dc=com and the principal
is bob/sale.examplecity.example.com.
The mapping looks like
dsmatching-pattern: ${Principal}
dsmatching-regexp: (.*)/(.*).(.*).example.com@REALM
dsmappeddn: uid=$1,ou=people,ou=$2,ou=$3,dc=example,dc=com

>
> And for pam-kerberos to work correctly, you would need to setup
> pam.conf correctly for the required service (which in this case
> is login, I presume) on the client.

I did that too. The lines for authentication look like
(...)
auth    sufficient    pam_unix.so likeauth nullok
auth    sufficient pam_krb5.so use_first_pass
(...)

I'm not sure if the thing with the host principal worked well. Do I always
need a principal for the host and what's the easiest way to create a
principal for a Linux box on a Solaris KDC?

Thanks for answers,
Johannes
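
Added example, not part of the original message: the posted identity mapping applied to the posted principal, with Python's `re` standing in for the directory server's regexp engine (an assumption; the server's engine may behave differently). `STRICT` and `map_principal` are hypothetical names, and `STRICT` is one possible tightened pattern with literal dots; it shows how the unescaped dots and greedy groups in the posted pattern can split the principal differently from the intended DN.

```python
import re

# Pattern and DN template as posted; "." is unescaped and every group is greedy.
POSTED = r"(.*)/(.*).(.*).example.com@REALM"
MAPPED_DN = "uid=$1,ou=people,ou=$2,ou=$3,dc=example,dc=com"

# Hypothetical tightened variant (not from the post): literal dots, and no
# "/", "." or "@" allowed inside the organizational-unit groups.
STRICT = r"([^/@]+)/([^./@]+)\.([^./@]+)\.example\.com@REALM"


def map_principal(principal, pattern=POSTED, template=MAPPED_DN):
    """Return the DN the mapping produces, or None if the principal is rejected."""
    m = re.fullmatch(pattern, principal)
    if m is None:
        return None
    # Replace $1..$9 in the template with the corresponding regexp group.
    return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))), template)


if __name__ == "__main__":
    principal = "bob/sale.examplecity.example.com@REALM"  # principal from the post
    lookalike = "bob/sale.examplecity.exampleXcom@REALM"  # constructed sample
    for name, pattern in (("posted", POSTED), ("strict", STRICT)):
        print(name, "->", map_principal(principal, pattern))
        print(name, "lookalike ->", map_principal(lookalike, pattern))
```

Comparing the DN printed for the posted pattern with the user's actual DN is a quick check before looking at the PAM or host-principal side.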



