Kerberos Authentication without Local Account?
Hello,
I have setup Kerberos authentication by correcting /etc/krb5.conf after installing libpam-krb5 and the krb5 tools package. With this I am able to authenticate to kerb just fine as long as there is a local account with the same username. Is there a method of self-creating a username upon success of authentication through kerberos, or perhaps defaulting to a specific local username so there doesn't have to be a pre-defined local account created for each individual? |
normally you'd use ldap or, to a lesser extent, nis to hold the user data. That's the option you need to take really. I would assume you have a suitable system already available for this as kerberos must be running against it. If you have local accounts then you'll have mismatched UID's across systems and all sorts of mess.
|
All times are GMT -5. The time now is 01:12 AM. |