<HTML> <HEAD> <TITLE>Kerberos SASL GSSAPI ssh error</TITLE> </HEAD> <BODY> Hello, I am having some trouble with the FDS PAM PTA. I am trying to authenticate against AD I was trying to verify the password authentication to AD. The only time it does is kinit <ad user>. To test this, I was trying to setup ssh on a client box and configure it to bind to the FDS directory. Then I tried ssh user@localhost on client box, it will not accept any password and return below error. debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Next authentication method: publickey Here are my questions. 1. Do I have to make any changes in ldap.conf file like below entries? # RFC 2307 (AD) mappings # pam_login_attribute uid (enable) # pam_lookup_policy (enable) # pam_password crypt (enable) # pam_password ad (update ad passwd from unix) 2. Edit the following files for kerberos. I was trying to follow this link for documentation. <a href="http://aput.net/~jheiss/krbldap/howto.html">http://aput.net/~jheiss/krbldap/howto.html</a> <UL><LI>krb5.conf <LI>kadm5.acl <LI>kdc.conf </UL> 3. Edit /etc/pam.d/system-auth and ldapserver. 4. Do I need to have CA cert installed on Admin and Directory servers for ssh? I mean, I do not have any certificates installed to 389-ds currently. Is there any other steps missing here? Thanks, Prashanth </BODY> </HTML>