KERBEROS+SASL+OPENLDAP : login but no ticket
jeremy.briffaut@gmail.com
jeremy.briffaut at gmail.com
Tue Feb 14 03:41:33 EST 2006
Here is my PAM config :)
When I log in with ssh or login, I have a ticket :)
The last problem for me is with idmapd and OpenLDAP, because the
schema is not valid, but I am trying to modify this schema.
I'm writing a howto on my wiki, currently only the configuration files, at
http://www.kakou.org/mediawiki/index.php/LDAP_KERBEROS_NFS4_SSH
You can see all my configuration files.
wakka openldap # cat /etc/pam.d/system-auth
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_krb5.so use_first_pass debug
auth sufficient pam_ldap.so use_first_pass debug
auth required pam_deny.so
account sufficient pam_unix.so
account required pam_access.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_krb5.so debug
account sufficient pam_ldap.so debug
account required pam_deny.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_krb5.so use_authtok debug
password sufficient pam_ldap.so use_authtok debug
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_krb5.so debug
session optional pam_ldap.so debug
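
A small linter for the ordering of the stack shown in the post above, as an added example that is not part of the original message or the poster's howto. It assumes Linux-PAM control semantics, where a succeeding `sufficient` module ends that facility's stack at once; `SAMPLE` is constructed from the auth and account lines above, and `parse` and `review` are hypothetical names.

```python
import re

# Constructed sample: the auth and account lines of the system-auth file above,
# with the e-mail line wrap in the pam_krb5 account entry joined.
SAMPLE = """\
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_krb5.so use_first_pass debug
auth sufficient pam_ldap.so use_first_pass debug
auth required pam_deny.so
account sufficient pam_unix.so
account required pam_access.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_krb5.so debug
account sufficient pam_ldap.so debug
account required pam_deny.so
"""

# facility, control (a keyword or a [value=action ...] block), module, arguments
LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Return (facility, control, module, args) for every rule line."""
    rules = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            rules.append((m[1], m[2], m[3], m[4].split()))
    return rules

def review(rules):
    """Flag ordering and options that weaken the stack (Linux-PAM semantics assumed)."""
    findings, first_sufficient = [], {}
    for facility, control, module, args in rules:
        if facility == "auth" and "nullok" in args:
            findings.append(f"auth: {module} nullok admits accounts with an empty password")
        # A succeeding 'sufficient' module returns success immediately, so a
        # 'required' check placed after it never runs for that user.
        if control == "required" and module != "pam_deny.so" and facility in first_sufficient:
            findings.append(f"{facility}: {module} is skipped when {first_sufficient[facility]} succeeds")
        if control == "sufficient":
            first_sufficient.setdefault(facility, module)
    return findings

if __name__ == "__main__":
    for finding in review(parse(SAMPLE)):
        print(finding)
```

Placing the `pam_access.so` line above `pam_unix.so` in the account section clears the second finding, because the access check then runs before any `sufficient` module can end the stack.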