[Fedora-directory-users] Question re: {KERBEROS} syntax
Tom Ryan
tomryan at camlaw.rutgers.edu
Wed Jul 26 15:32:11 UTC 2006
Just as a followup, if the pam entries appear at the end of the dse.ldif
file, the server starts without warning, but that¹s it.. Once stopped, the
dse.ldif is rearranged, the pam entry moves up, and the error persists on
subsequent starts..
Regardless, when I manually start it with the entry at the bottom of the
ldif, I still can not get the system to use the aliasedobjectname instead of
the rdn..
Tom
On 7/26/06 11:20 AM, "Tom Ryan" <tomryan at camlaw.rutgers.edu> wrote:
> It happens to all of us...
>
> I am still having a couple of issues though (for everyone else listening :)
>
> I changed pamMapMethod to Entry
> I then set pamIDAttr to aliasedObjectName (out of laziness for now)
>
> When I start the slapd with this, I get this..
>
> pam_passthru-plugin - Warning: The following suffixes listed in
> pamExcludeSuffix or pamIncludeSuffix are not present in this server:
> o=NetscapeRoot
>
> But, the admin server will still start just fine..
>
> Regardless, the system does not appear to try to use the aliasedobjectname for
> the user to pass to pam.. (I have KRBPRINC at REALM.COM in aliasedobjectname)..
>
> Any ideas?
>
> Tom
>
> Ps.. If I leave it as RDN, I get no error on startup about suffix and as long
> as my bind dn matches my krb princ in the default realm, it works.. So I¹m
> halfway there?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060726/59426c7e/attachment.htm>
More information about the Fedora-directory-users
mailing list