What is the "correct" way of authentication against an AD with krb5 on linux? I currently have a rh9 test server with samba-3.0.5, krb5-1.3.4, and pam_krb5-1.3-rc7.
I'm wanting to have different services use pam to authenticate against the windows AD, so I'm frying my brain on setting up pam to do the authentication correctly so that local users have access to some things and windows users have access to others. For example, I started mucking with /etc/pam.d/ssh to use winbind for auth (with security=ads in smb.conf), then I realized I needed to use pam_krb5 in order to hit the windows k5 server....I can get logged in but klist doesn't show any tickets cached. If I am authenticated against the kerberos server I should have a ticket cached, right? To sum it up, I'm lost. I've read the docs at samba's site, and they are great docs but they don't seem to cover integration with other services that in depth.
Any tips on this project?