LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-27-2006, 06:01 PM   #1
edgood1
Member
 
Registered: Jan 2005
Distribution: fedora, redhat, gentoo, suse
Posts: 30

Rep: Reputation: 15
Single Login with LDAP and Kerberos


Hello,

I have LDAP and kerberos working, with a test user database in place.
If i do a kinit I get the correct tgt and ldap tickets.
I can then do an ldap search on anything (that im supposed to)

ldapwhoami works with and without -x (without yields anonymous)

finger works fine for ldap users, as well as file stats.

It looks like everything is working fine.

so, how the hell do I set up the client so that I can type my LDAP login name and Kerberos password
to log in... it won't let me in unless i create the account on the local machine. I can then log in with my krb5 password. But i want to be able to log in with no account on the local system (i.e. completly relying on LDAP/krb5).

This is debian so that pam conf files are a little screwy.

#common-auth
auth sufficient /tmp/pam_athena_auth.so use_first_pass nullok
auth sufficient pam_krb5.so use_first_pass try_first_pass forwardable
auth sufficient pam_unix.so use_first_pass nullok_secure

#common-account
account required pam_unix.so

#common-session
session optional pam_unix.so
session optional pam_krb5.so
#session optional pam_krb4.so
session optional pam_openafs_session.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0

#common-password
password sufficient pam_unix.so nullok obscure min=4 max=8 md5
password sufficient /lib/security/pam_krb5.so use_authtok
password required pam_deny.so



If no local account exisits /var/log/authlog shows:
error: PAM: Permission denied for illegal user [username] from localhost.localdomain

and i just keep getting password prompts.
I can however log in as any local account with the localpassword.

please help.

thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
kerberos/ldap login -> samba problems mesepher Linux - Software 6 02-28-2006 08:33 AM
Samba with winbind, kerberos and ldap? humbletech99 Linux - Networking 2 02-03-2006 03:23 AM
Replace NIS with LDAP and Kerberos mesh2005 Linux - Networking 4 12-22-2005 04:41 AM
NIS versus LDAP/Kerberos elbe3321 Linux - Networking 2 08-27-2004 02:58 PM
tutorial on samba + ldap + kerberos coolamit78 Linux - Networking 1 06-10-2004 01:00 PM


All times are GMT -5. The time now is 01:49 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration