KERBEROS+SASL+OPENLDAP : login but no ticket

Hugo Meiland hugo at meiland.nl
Thu Feb 9 16:14:05 EST 2006


>
> I am trying to install openldap+SASL+kerberos. I can log in with pam_ldap
> and the authentication is made with kerberos via SASL, but I must do
> a kinit to have a ticket (idem when I log in with ssh).
> How can I get a ticket at login?
>
> login->pam_ldap->openldap->SASL->kerberos
>


This way the server running SASL is getting the ticket, and when
obtaining that ticket, it signals openldap that your username/password
combo can be trusted. Along this way the login (workstation)
will never get a ticket; it won't even have any clue kerberos is
being used in the back-end.

To obtain a ticket on the workstation use: login->pam_krb5->kerberos
for authentication, and you might like to use openldap as directory
server to obtain uid, gid, homedir etc. (in redhat, use
system-config-authentication to configure)

Try it!!! It works like a dream :)

Enjoy!

Hugo
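
The two login chains discussed in this thread, written out as PAM and NSS configuration. This is an added example, not part of the original post; the file locations and module options follow common Red Hat-style layouts and are assumptions, as is an already working /etc/krb5.conf on the workstation.

```conf
# --- Before: login->pam_ldap->openldap->SASL->kerberos ---
# PAM auth stack (assumed location: /etc/pam.d/system-auth).
# The password is sent to slapd, which verifies it against Kerberos
# through SASL. Any ticket is obtained on the LDAP server, so no
# credential cache is created on the workstation and klist shows nothing.
auth        sufficient    pam_ldap.so use_first_pass

# --- After: login->pam_krb5->kerberos ---
# pam_krb5 requests a TGT from the KDC with the typed password and
# stores it in the user's credential cache, so no separate kinit is needed.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok
auth        sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so

session     required      pam_unix.so
# The session entry lets pam_krb5 clean up the credential cache at logout.
session     optional      pam_krb5.so

# --- /etc/nsswitch.conf: OpenLDAP used only as the directory ---
# uid, gid, home directory and group membership come from LDAP;
# the password check itself never touches slapd.
passwd:     files ldap
shadow:     files ldap
group:      files ldap
```

After logging in with the second stack, running klist as the user should list a krbtgt entry for the realm.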



