KERBEROS+SASL+OPENLDAP : login but no ticket

jeremy.briffaut@gmail.com jeremy.briffaut at gmail.com
Tue Feb 14 03:41:33 EST 2006


Here is my PAM config :)
When I log in with ssh or login, I have a ticket :)

The last problem for me is with idmapd and openldap because the
schema is not valid, but I am trying to modify this schema.

I'm writing a howto on my wiki, currently only configuration files, at
http://www.kakou.org/mediawiki/index.php/LDAP_KERBEROS_NFS4_SSH

You can see all my configuration files.

wakka openldap # cat /etc/pam.d/system-auth
#%PAM-1.0

auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       sufficient   pam_krb5.so use_first_pass debug
auth       sufficient   pam_ldap.so use_first_pass debug
auth       required     pam_deny.so

account    sufficient   pam_unix.so
account    required     pam_access.so
account   [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_krb5.so debug
account    sufficient   pam_ldap.so debug
account    required     pam_deny.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   sufficient   pam_krb5.so use_authtok debug
password   sufficient   pam_ldap.so use_authtok debug
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so
session    optional     pam_krb5.so debug
session    optional     pam_ldap.so debug
