[389-users] Kerberos SASL GSSAPI ssh error

Prashanth Sundaram psundaram at wgen.net
Thu Aug 27 21:27:34 UTC 2009


Hello,

I am having some trouble with the FDS PAM PTA. I am trying to authenticate
against AD.

I was trying to verify the password authentication to AD. The only time it
does is kinit <ad user>. To test this, I was trying to set up ssh on a client
box and configure it to bind to the FDS directory. Then I tried ssh
user@localhost on the client box; it will not accept any password and returns
the error below.

debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found
debug1: Next authentication method: publickey

Here are my questions.

1. Do I have to make any changes in ldap.conf file like below entries?
# RFC 2307 (AD) mappings
# pam_login_attribute uid (enable)
# pam_lookup_policy (enable)
# pam_password crypt (enable)
# pam_password ad (update ad passwd from unix)


2. Edit the following files for kerberos. I was trying to follow this link
for documentation.
     http://aput.net/~jheiss/krbldap/howto.html
* krb5.conf 
* kadm5.acl 
* kdc.conf

3.  Edit /etc/pam.d/system-auth and ldapserver.

4. Do I need to have CA cert installed on Admin and Directory servers for
ssh? I mean, I do not have any certificates installed to 389-ds currently.

Are there any other steps missing here?

Thanks,
Prashanth