Kerberos and LDAP

Ronni Feldt rofe at one.com
Thu Oct 30 09:05:05 EDT 2008 

Hi,

It worked!

I tried 'id ronni' which did not work.
Then I stopped nscd and success! I am now able to login using the user
in LDAP.

Now, I have read a lot, and seems to have lost the complete overview of
how it all works together. Can someone explain to me, just in a
superficial way, how it fits together or point me to a link?

My next step is to get Kerberos working with SSH, as I understand it, I
have to configure SSH to use Kerberos to authenticate the user by
forwarding my local Kerberos key; is that correct?

Thank you for your help so far!

- Ronni 



On Thu, 2008-10-30 at 12:52 +0100, Davor Ocelic wrote:
> On Thu, 30 Oct 2008 10:36:35 +0100
> Ronni Feldt <rofe at one.com> wrote:
> 
> > Hi,
> > 
> > Im still trying to get this to work.
> > 
> > tail /var/log/auth.log on workstation says this:
> > Oct 30 10:29:02 rofe login[11133]: pam_unix(login:auth): check pass;
> > user unknown
> > Oct 30 10:29:02 rofe login[11133]: pam_unix(login:auth):
> > authentication failure; logname=rofe uid=0 euid=0 tty=tty2 ruser=
> > rhost= Oct 30 10:29:02 rofe login[11133]: pam_unix(login:account):
> > could not identify user (from getpwnam(ronni))
> > 
> 
> Hello,
> 
> Tcpdump is an overkill in this simple scenario.
> 
> A requirement for the login to succeed is to have commands such as
> 'id mirko' or 'id ronni' return the getent information for the 
> requested user.
> 
> Not always, but 'getent passwd' should in most cases also return
> an output that looks like a passwd file, but has both local and
> remote entries included.
> 
> For that, you need libnss-ldap package installed & configured on
> the client. (Configuration consists of libnss-ldap.conf and 
> nsswitch.conf).
> 
> Also, if you have nscd installed on the client, turn it off for
> a while until you get 'id ronni' working.
> 
> After you get that working first, move onto getting the actual
> login step.
> 
> Cya,
> -doc
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list