[rhn-users] openldap + pam_ldap + krb5 auth

[FM]

I installed openldap 2.2.x with krb5 (SASL).

Now I am trying to set my station to authenticate my station

my system-auth look like this :
auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_krb5.so use_first_pass debug
auth        required      pam_deny.so
account     sufficient    pam_unix.so
account     required      pam_deny.so
account     [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore]   /lib/security/pam_krb5.so debug
account     sufficient    pam_ldap.so use_first_pass

password    required      pam_cracklib.so retry=3 minlen=2  dcredit=0
ucredit=0 ucredit=0
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_krb5.so debug
password    required      pam_deny.so
session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     required      pam_limits.so
session     required      pam_unix.so
session     optional      /lib/security/pam_krb5.so


I can connect but in the slapd log, it connect to ldap using BIND dn=""
and then it auth using sasl

If i try whoami for example the BIND dn is also = ""

So,
If I put
use_sasl on
pam_sasl_mech GSSAPI

in /etc/ldap.conf

now slapd log BIND dn  authcid="user at realm"

so it seems ok, but now i cannpot use kdm to connect from my station
removing the new conf from ldap.conf solved my prob but I'm back with
the bin dn= ""




Do you have a system-auth + ldap.conf sample for krb5 + openldap ?


thanks !