[rhn-users] openldap + pam_ldap + krb5 auth
FM
dist-list at LEXUM.UMontreal.CA
Tue Dec 14 15:16:46 UTC 2004
I installed openldap 2.2.x with krb5 (SASL).
Now I am trying to set up my station to authenticate.
My system-auth looks like this:
# auth phase
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_krb5.so use_first_pass debug
auth required pam_deny.so
# account phase (note: pam_deny.so is "required" here, so a failure from it
# cannot be overridden by the "sufficient" modules listed after it)
account sufficient pam_unix.so
account required pam_deny.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_krb5.so debug
account sufficient pam_ldap.so use_first_pass
# password phase
password required pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0 ucredit=0
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_krb5.so debug
password required pam_deny.so
# session phase
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so
session optional /lib/security/pam_krb5.so
I can connect, but in the slapd log it connects to ldap using BIND dn=""
and then it authenticates using SASL.
If I try whoami, for example, the BIND dn is also = "".
So, if I put

use_sasl on
pam_sasl_mech GSSAPI

in /etc/ldap.conf,
slapd now logs BIND dn authcid="user at realm",
so it seems ok, but now I cannot use kdm to connect from my station.
Removing the new conf from ldap.conf solved my problem, but I'm back with
the bind dn= "".
Do you have a system-auth + ldap.conf sample for krb5 + openldap ?
thanks !
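A quick way to tell from the slapd log whether the binds are really anonymous or are the first leg of a SASL exchange is to classify the BIND lines by method. The script below is an added example and is not from the original post or from the openldap/pam_ldap projects; the log lines in it are constructed to look like OpenLDAP 2.2 loglevel 256 output (method=128 is a simple bind, method=163 a SASL bind, so a `dn="" method=163` line is a SASL bind in progress, not an anonymous bind). The conn numbers, hostnames and DNs are made up.

```shell
#!/bin/sh
# Constructed sample of slapd (loglevel 256) output; NOT a real capture.
SAMPLE_LOG='Dec 14 15:10:01 ldap slapd[1234]: conn=5 op=0 BIND dn="" method=128
Dec 14 15:10:01 ldap slapd[1234]: conn=5 op=0 RESULT tag=97 err=0 text=
Dec 14 15:10:02 ldap slapd[1234]: conn=6 op=0 BIND dn="" method=163
Dec 14 15:10:02 ldap slapd[1234]: conn=6 op=0 BIND authcid="user@EXAMPLE.COM"
Dec 14 15:10:02 ldap slapd[1234]: conn=6 op=0 BIND dn="uid=user,ou=people,dc=example,dc=com" mech=GSSAPI ssf=56
Dec 14 15:10:03 ldap slapd[1234]: conn=7 op=0 BIND dn="cn=proxy,dc=example,dc=com" method=128'

# Truly anonymous binds: empty dn with the simple method (128).
# These are what nss_ldap/pam_ldap do when ldap.conf has no binddn and no SASL.
count_anon_simple() {
    awk '/ BIND dn="" method=128/ { n++ } END { print n+0 }'
}

# Simple binds with a real DN: a password crossed the wire, so these
# connections should be on ldaps:// or protected by STARTTLS.
count_simple_dn() {
    awk '/ BIND dn=".+" method=128/ { n++ } END { print n+0 }'
}

# SASL binds that completed with GSSAPI and got mapped to a DN.
# The earlier 'dn="" method=163' line on the same conn is the SASL
# negotiation starting, not an anonymous bind.
count_gssapi() {
    awk '/ BIND dn=".+" mech=GSSAPI/ { n++ } END { print n+0 }'
}

# Kerberos principals that authenticated, as slapd logged them.
list_authcids() {
    sed -n 's/.* BIND authcid="\([^"]*\)".*/\1/p'
}

# Usage: pipe the real log in, e.g.  grep ' BIND ' /var/log/slapd.log | count_anon_simple
# Here we run it over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | count_anon_simple
printf '%s\n' "$SAMPLE_LOG" | count_simple_dn
printf '%s\n' "$SAMPLE_LOG" | count_gssapi
printf '%s\n' "$SAMPLE_LOG" | list_authcids
```

With use_sasl on in ldap.conf you would expect count_anon_simple to drop to zero for the pam_ldap connections and list_authcids to show the user principal; what the script cannot tell you is whether a credential cache was available to pam_ldap at kdm login time, which is where the GSSAPI bind would be attempted.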