Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 02-27-2006, 06:01 PM   #1
Registered: Jan 2005
Distribution: fedora, redhat, gentoo, suse
Posts: 30

Rep: Reputation: 15
Single Login with LDAP and Kerberos


I have LDAP and kerberos working, with a test user database in place.
If i do a kinit I get the correct tgt and ldap tickets.
I can then do an ldap search on anything (that im supposed to)

ldapwhoami works with and without -x (without yields anonymous)

finger works fine for ldap users, as well as file stats.

It looks like everything is working fine.

so, how the hell do I set up the client so that I can type my LDAP login name and Kerberos password
to log in... it won't let me in unless i create the account on the local machine. I can then log in with my krb5 password. But i want to be able to log in with no account on the local system (i.e. completly relying on LDAP/krb5).

This is debian so that pam conf files are a little screwy.

auth sufficient /tmp/ use_first_pass nullok
auth sufficient use_first_pass try_first_pass forwardable
auth sufficient use_first_pass nullok_secure

account required

session optional
session optional
#session optional
session optional
session required skel=/etc/skel/ umask=0

password sufficient nullok obscure min=4 max=8 md5
password sufficient /lib/security/ use_authtok
password required

If no local account exisits /var/log/authlog shows:
error: PAM: Permission denied for illegal user [username] from localhost.localdomain

and i just keep getting password prompts.
I can however log in as any local account with the localpassword.

please help.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
kerberos/ldap login -> samba problems mesepher Linux - Software 6 02-28-2006 08:33 AM
Samba with winbind, kerberos and ldap? humbletech99 Linux - Networking 2 02-03-2006 03:23 AM
Replace NIS with LDAP and Kerberos mesh2005 Linux - Networking 4 12-22-2005 04:41 AM
NIS versus LDAP/Kerberos elbe3321 Linux - Networking 2 08-27-2004 02:58 PM
tutorial on samba + ldap + kerberos coolamit78 Linux - Networking 1 06-10-2004 01:00 PM

All times are GMT -5. The time now is 11:51 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration