Kerberos only authenticates local account?
A principal is created in Kerberos REALM as: "SOMEONE@COMPANY.COM".
NOTE: no host name is used! I want to log in by giving the user name "SOMEONE" with the correct password on a machine that has access to the KDC. But this fails, and it seems ONLY principals that are also accounts on the local machine can log on to the machine. Here's the error message:

Thanks!
Are you using LDAP to query your AD server? In many cases LDAP queries the AD server and looks for the user there. However, from what I gather, your goal here is to have accounts that exist, say, on your box, and that don't exist in the AD tree, but you want to use this login for other machines? Have you tried to receive a Kerberos ticket?

Try these commands:

# kinit SOMEONE
Password for SOMEONE@COMPANY.COM: ...
# klist
Ticket cache: FILE:/tmp/krb5cc_1003
Default principal: SOMEONE@COMPANY.COM

Let me know if this works.
Anyway, Kerberos on my machine works. There is no problem with kinit and klist, and as I said in the question, it also works for login (authentication and issuing tickets), except that it only lets a principal that is also a local Linux account log in.

Goal 1: use Kerberos for login on different Linux machines (no need to repeatedly create the same account on them).
Goal 2 (better): use OpenLDAP for accounts, but use Kerberos for passwords and issuing tickets. (There is no problem: I can use pam_ldap to authenticate against OpenLDAP, but then it uses the password stored in LDAP and no tickets are issued upon a successful login.)
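Added example (editor's note, not code from this thread): a small POSIX shell diagnostic for the symptom described above. Kerberos (via pam_krb5) only verifies the password; the login program separately needs the user name to resolve through NSS, which on a stock box means /etc/passwd. If the principal's user name is not known to NSS, login fails even though kinit succeeds. The script assumes getent(1) and /etc/nsswitch.conf are present; the principal and file contents used in the usage line are constructed.

```shell
#!/bin/sh
# Diagnose "valid Kerberos password but login refused": does the principal's
# user name resolve to an account through NSS (files, ldap, sss, ...)?
# Assumptions: getent(1) is installed and /etc/nsswitch.conf is readable.

# Return 0 if NSS knows the user, 1 otherwise (getent queries every
# configured passwd source, not only /etc/passwd).
nss_resolves() {
    getent passwd "$1" >/dev/null 2>&1
}

# Print the sources listed on the "passwd:" line of an nsswitch.conf
# (default /etc/nsswitch.conf), e.g. "files ldap" or "files sss".
passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }' \
        "${1:-/etc/nsswitch.conf}"
}

# Given a principal such as SOMEONE@COMPANY.COM, return the login name part.
principal_user() {
    printf '%s\n' "$1" | cut -d@ -f1
}

# Report whether a login for this principal can succeed on this host.
# Returns 0 when the account resolves, 1 when only Kerberos knows the user.
diagnose() {
    user=$(principal_user "$1")
    sources=$(passwd_sources)
    if nss_resolves "$user"; then
        echo "ok: '$user' resolves via NSS (passwd sources: $sources)"
        return 0
    fi
    echo "login will fail for '$user': the KDC can verify the password," \
         "but no NSS passwd source knows the account (sources: $sources)."
    echo "Fix: create the account locally, or add an ldap/sss source to" \
         "the passwd line in /etc/nsswitch.conf so LDAP supplies it."
    return 1
}

# Usage: ./krb-login-check.sh SOMEONE@COMPANY.COM   (principal is constructed)
if [ $# -gt 0 ]; then
    diagnose "$1"
fi
```

Run it as the user name you are trying to log in with: an "ok" line means the failure lies elsewhere (PAM stack order, keytab, clock skew); the "login will fail" line means NSS, not Kerberos, is what rejects the login, which is exactly the gap goal 2 (accounts from OpenLDAP, passwords from Kerberos) closes.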