LDAP/Kerberos client config
mark@mproehl.net
mark at mproehl.net
Tue Jan 26 10:37:37 EST 2010
Hi,
Did you check if the credential cache can be accessed by nscd? E.g., if
nscd is running as nobody and /tmp/krb5cc_0 belongs to root, it will not work.
Mark
> Hi all,
>
> Now that I'm satisfied with my OpenLDAP/Kerberos server configuration,
> I'm attempting to devise a suitable (Debian lenny) client setup for it.
>
> Although I hear that it may not be the best approach, I'm currently
> pursuing a client configuration that includes kstart, libnss-ldap, nscd
> and libpam-ldap. At the moment I'm happy with all of it except
> libnss-ldap.
>
> Kstart has no problem obtaining an initial Kerberos ticket, but I can't
> get libnss-ldap to use it to access the DIT. So far my libnss-ldap.conf
> looks like:
>
> base dc=example,dc=com
> uri ldap://ldapks1.example.com/
> ldap_version 3
> rootuse_sasl yes
> krb5_ccname FILE:/tmp/krb5cc_0
>
> Any idea what I might be missing?
>
> Thanks,
>
> Jaap
>
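
The check suggested in the reply above, written out as an added example that is not part of the original thread: it reads `krb5_ccname` from a libnss-ldap.conf-style file and decides from owner, group and mode bits whether a given user could read that cache. The function names and script name are hypothetical, GNU `stat -c` is assumed, and ACLs or MAC policy are not considered.

```shell
#!/bin/sh
# Added example, not from the thread. Names below are hypothetical.

# Print the cache path from the first krb5_ccname line, minus the "FILE:" type.
ccache_path_from_conf() {
    awk '$1 == "krb5_ccname" { sub(/^FILE:/, "", $2); print $2; exit }' "$1"
}

# can_read UID "GID1 GID2 ..." PATH
# Returns 0 if the mode bits grant read access, 1 if not, 2 if PATH is missing.
can_read() {
    uid=$1 gids=$2 path=$3
    info=$(stat -c '%u %g %a' "$path") || return 2   # GNU stat assumed
    set -- $info
    fuid=$1 fgid=$2 m=$((0$3))                       # %a is octal, e.g. 600
    if [ "$uid" -eq 0 ]; then return 0; fi           # root bypasses mode bits
    bit=4                                            # "other" read bit (04)
    if [ "$uid" -eq "$fuid" ]; then
        bit=256                                      # owner read bit (0400)
    else
        for g in $gids; do
            if [ "$g" -eq "$fgid" ]; then bit=32; fi # group read bit (040)
        done
    fi
    if [ $((m & bit)) -ne 0 ]; then return 0; else return 1; fi
}

# Usage: check_ccache.sh /etc/libnss-ldap.conf nobody
# The second argument is the account nscd runs as on the client.
if [ "$#" -eq 2 ]; then
    cc=$(ccache_path_from_conf "$1")
    if can_read "$(id -u "$2")" "$(id -G "$2")" "$cc"; then
        echo "$cc: readable by $2"
    else
        echo "$cc: NOT readable by $2 (or missing)"
        exit 1
    fi
fi
```

With a cache owned by root and mode 600, the check fails for `nobody`, which is the situation described in the reply.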