systematic Kerberization
Pau Aliagas
linuxnow at newtral.org
Wed Jun 2 12:04:28 UTC 2004
On Mon, 10 May 2004, Havoc Pennington wrote:
Sorry to be late and maybe a litle offtopic.
> Something we've wanted to do for a long time is create a matrix of
> programs that should support Kerberos authentication, and start checking
> them off. I guess this includes both client-side and server-side.
>
> Does anyone have a good start on this?
>
> Any real-world experience/scenarios where Kerberos support was needed
> and not available? (Which things should be Kerberized first?)
I've been trying really hard to implement kerberos+ldap in fedora
development and FC1/FC2 and I'm almost done, but there is one important
thing that does not work: loginShell is ignored by nss_ldap.
I'd like to post an example configuration to make this systematic
Kerberization a fact, something to start playing with, but I haven't been
able to get a "bash" shell when using ldap. Any hints?
login always launches "/bin/sh" ignoring the ldap entries. finger and
getent also ignore the loginShell, so I strongly suspect it's an nss_ldap
bug.
Thanks
Pau
More information about the fedora-devel-list
mailing list