KERBEROS+SASL+OPENLDAP : login but no ticket
Hugo Meiland
hugo at meiland.nl
Thu Feb 9 16:14:05 EST 2006
>
> I am trying to install openldap+SASL+kerberos. I can log in with pam_ldap
> and the authentication is made with kerberos via SASL, but I must do
> a kinit to have a ticket (the same when I log in with ssh).
> How can I get a ticket at login??
>
> login->pam_ldap->openldap->SASL->kerberos
>
This way the server running SASL is getting the ticket, and when
obtaining that ticket, it signals openldap that your username/password
combo can be trusted. Along this way the login (workstation)
will never get a ticket; it won't even have any clue kerberos is
being used in the back-end.
To obtain a ticket on the workstation use: login->pam_krb5->kerberos
for authentication, and you might like to use openldap as directory
server to obtain uid, gid, homedir etc. (in Red Hat, use
system-config-authentication to configure)
Try it!!! It works like a dream :)
Enjoy!
Hugo
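
The layout described in the reply above, as an added example that is not part of the original message: pam_krb5 authenticates the user on the workstation and leaves a ticket in the user's credential cache, while LDAP is used only for account lookups. The file paths, the position of pam_krb5 in the stack, and the `use_first_pass` option are assumptions based on a typical Red Hat layout; adapt them to the local PAM stack.

```conf
# --- /etc/pam.d/system-auth (assumed path, Red Hat style) ---

# Before: the password is checked by an LDAP bind. slapd hands it to SASL,
# which verifies it against the KDC on the server side. The workstation
# only learns "bind succeeded" and never holds a ticket.
#auth     sufficient  pam_ldap.so use_first_pass

# After: pam_krb5 talks to the KDC itself, so the TGT is obtained on the
# workstation and stored in the user's credential cache at login.
auth      sufficient  pam_unix.so nullok try_first_pass
auth      sufficient  pam_krb5.so use_first_pass
auth      required    pam_deny.so

account   required    pam_unix.so broken_shadow
account   [default=bad success=ok user_unknown=ignore] pam_krb5.so

# The session entry lets pam_krb5 clean up the credential cache at logout.
session   required    pam_unix.so
session   optional    pam_krb5.so

# --- /etc/nsswitch.conf ---
# LDAP is the directory only: uid, gid, homedir and groups come from
# OpenLDAP, passwords are never checked against it.
passwd:   files ldap
group:    files ldap
shadow:   files

# --- /etc/ssh/sshd_config ---
# For ssh password logins to go through the same PAM stack (and so get a
# ticket the same way), sshd has to use PAM.
UsePAM yes
```

After logging in, `klist` should list a krbtgt ticket for the user without a manual kinit.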