KERBEROS+SASL+OPENLDAP : login but no ticket
"Martin v. Löwis"
martin at v.loewis.de
Thu Feb 9 13:26:02 EST 2006
jeremy.briffaut at gmail.com wrote:
> I am trying to install openldap+SASL+kerberos. I can log in with pam_ldap
> and the authentication is made with kerberos via SASL, but I must do
> a kinit to have a ticket (the same when I log in with ssh).
> How to have a ticket at login??
>
> login->pam_ldap->openldap->SASL->kerberos

Why are you using pam_ldap? Use pam_krb5 instead; it will authenticate
the user against the KDC, and add the TGT it obtained in doing so
to the ticket cache.

If dropping pam_ldap is not an option, you can use pam_krb5 in addition:
just mark it as optional if users may authenticate for whom kinit would
fail.

Regards,
Martin
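
A PAM stack along the lines suggested in the reply above, as an added example that is not part of the original message. The file path, the service name and the module options shown are assumptions about the installed pam_krb5 and pam_ldap builds; check the local module documentation before use.

```conf
# /etc/pam.d/<service>   (assumed path; the layout differs between distributions)

# pam_krb5 runs first and is marked optional: a user who has no Kerberos
# principal (kinit would fail) is not rejected here, the stack just continues.
# On success the TGT obtained during authentication is kept for the session.
auth     optional   pam_krb5.so

# pam_ldap remains the module that decides the login. try_first_pass reuses
# the password already typed, so the user is prompted only once.
auth     required   pam_ldap.so try_first_pass

account  required   pam_ldap.so

# The session entry lets pam_krb5 set up the ticket cache at login and
# clean it up at logout. Optional again, so non-Kerberos users still get in.
session  optional   pam_krb5.so

# Ordering caveat: if pam_ldap were listed first as "sufficient", a successful
# LDAP bind would end the auth stack immediately, pam_krb5 would never run,
# and the user would again have to run kinit by hand.
```

After logging in, `klist` should show a TGT for users who have a Kerberos principal.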