LDAP/Kerberos client config

mark@mproehl.net mark at mproehl.net
Tue Jan 26 10:37:37 EST 2010


Hi,

Did you check if the credential cache can be accessed by nscd? E.g., if
nscd is running as nobody and /tmp/krb5cc_0 belongs to root, it will not work.

Mark

> Hi all,
>
> Now that I'm satisfied with my OpenLDAP/Kerberos server configuration,
> I'm attempting to devise a suitable (Debian lenny) client setup for it.
>
> Although I hear that it may not be the best approach, I'm currently
> pursuing a client configuration that includes kstart, libnss-ldap, nscd
> and libpam-ldap. At the moment I'm happy with all of it except
> libnss-ldap.
>
> Kstart has no problem obtaining an initial Kerberos ticket, but I can't
> get libnss-ldap to use it to access the DIT. So far my libnss-ldap.conf
> looks like:
>
>    base dc=example,dc=com
>    uri ldap://ldapks1.example.com/
>    ldap_version 3
>    rootuse_sasl yes
>    krb5_ccname FILE:/tmp/krb5cc_0
>
> Any idea what I might be missing?
>
> Thanks,
>
> Jaap
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
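The check Mark suggests, as an added example that is not part of the original thread: it takes a `krb5_ccname` value such as the one in the quoted libnss-ldap.conf and an account name (the user nscd runs as) and reports whether the file's owner, group and mode let that account read it. The function names are hypothetical, GNU `stat` is assumed, and ACLs and parent-directory permissions are not considered.

```shell
#!/bin/sh
# Added example. GNU stat assumed; POSIX ACLs and the permissions of
# parent directories are not considered.

# ccache_path CCNAME: print the on-disk path of a FILE: cache.
ccache_path() {
    case "$1" in
        FILE:*) printf '%s\n' "${1#FILE:}" ;;
        /*)     printf '%s\n' "$1" ;;
        *)      return 1 ;;  # KEYRING:, DIR:, MEMORY: etc. are not files
    esac
}

# mode_allows_read MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Classic owner/group/other read check; uid 0 always passes.
mode_allows_read() {
    m=$(printf '%s' "000$1" | tail -c 3)   # last three octal digits
    o=${m%??}; g=${m#?}; g=${g%?}; t=${m#??}
    if [ "$4" -eq 0 ]; then return 0; fi
    if [ "$4" -eq "$2" ]; then [ "$o" -ge 4 ]; return $?; fi
    for gid in $5; do
        if [ "$gid" -eq "$3" ]; then [ "$g" -ge 4 ]; return $?; fi
    done
    [ "$t" -ge 4 ]
}

# ccache_readable_by CCNAME USER: 0 = readable, 1 = not, 2 = cannot tell.
ccache_readable_by() {
    cc_file=$(ccache_path "$1") || { echo "not a FILE: cache: $1" >&2; return 2; }
    [ -e "$cc_file" ] || { echo "missing: $cc_file" >&2; return 2; }
    user=$2
    uid=$(id -u "$user") || return 2
    set -- $(stat -c '%a %u %g' "$cc_file")
    mode_allows_read "$1" "$2" "$3" "$uid" "$(id -G "$user")"
}

# Usage: sh check_ccache.sh FILE:/tmp/krb5cc_0 nobody
if [ "$#" -eq 2 ]; then
    if ccache_readable_by "$1" "$2"; then
        echo "$2 can read $1"
    else
        echo "$2 cannot read $1 (or the check could not run)"
    fi
fi
```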




