LDAP + Kerberos grouping/password

Coy Hile coy.hile at coyhile.com
Fri Dec 19 10:52:26 EST 2008

On Fri, 19 Dec 2008, Mathew Rowley wrote:

> Do you have to sync passwords between Kerberos and LDAP if I am using LDAP
> for user specific information?  For example, if I ssh to a box, I want it to
> authenticate with Kerberos, but get the gid/uid/shell/homedir from LDAP.  Is
> there a way to specify the LDAP PAM module to not auth against LDAP, just
> get the user information?

The user information is obtained via nss calls.  That's not controlled by
PAM at all.  You shouldn't need ldap mentioned in your PAM config at all.
Fix your nss config and you should be fine.
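
The split described in the reply above, as an added example that is not part of the original post: a shell check that passwd/group lookups go to LDAP through NSS while the PAM auth stack uses Kerberos and no LDAP module. It assumes Linux-PAM per-service files and pam_krb5 as the Kerberos module (neither is named in the thread); the sample files are constructed, and @include lines are not followed.

```shell
#!/bin/sh
# Added example; sample files are constructed. On a real host pass
# /etc/nsswitch.conf and /etc/pam.d/<service> (Linux-PAM layout assumed).

# Print the sources listed for one NSS database, e.g. "files ldap".
nss_sources() {  # nss_sources FILE DATABASE
    sed 's/#.*//' "$1" | awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }'
}

# Succeed if DATABASE in FILE lists "ldap" as a source.
nss_uses_ldap() {
    nss_sources "$1" "$2" | tr ' \t' '\n\n' | grep -qx 'ldap'
}

# Print the module name of every "auth" line in a PAM service file.
pam_auth_modules() {
    sed 's/#.*//' "$1" | awk '$1 == "auth" || $1 == "-auth" {
        i = 3                          # module follows the control field
        if ($2 ~ /^\[/) while (i <= NF && $(i-1) !~ /\]$/) i++
        m = $i; sub(/.*\//, "", m); print m
    }'
}

# Identity from LDAP via NSS, authentication from Kerberos via PAM,
# and no LDAP module anywhere in the auth stack.
check_split() {  # check_split NSSWITCH PAMFILE
    nss_uses_ldap "$1" passwd || { echo "passwd: no ldap source"; return 1; }
    nss_uses_ldap "$1" group  || { echo "group: no ldap source"; return 1; }
    mods=$(pam_auth_modules "$2")
    echo "$mods" | grep -qx 'pam_krb5\.so' || { echo "auth: pam_krb5 missing"; return 1; }
    if echo "$mods" | grep -q 'pam_ldap'; then echo "auth: pam_ldap present"; return 1; fi
    echo "ok"
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/nsswitch.conf" <<'EOF'
passwd: files ldap      # uid/gid/shell/homedir come from here
group:  files ldap
shadow: files
EOF
cat > "$demo/sshd.good" <<'EOF'
auth     sufficient  pam_krb5.so
auth     required    pam_unix.so try_first_pass
account  required    pam_unix.so
EOF
cat > "$demo/sshd.bad" <<'EOF'
auth     sufficient  pam_krb5.so
auth     sufficient  pam_ldap.so use_first_pass  # second password store
EOF
check_split "$demo/nsswitch.conf" "$demo/sshd.good"
check_split "$demo/nsswitch.conf" "$demo/sshd.bad" || true
```

With pam_ldap absent from the auth stack, no password needs to exist in LDAP, so there is nothing to keep in sync with the KDC.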
