[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap authentication

To: openldap-software@OpenLDAP.org
Subject: ldap authentication
From: Bobby Cheema <pche066@cs.auckland.ac.nz>
Date: Thu, 13 Feb 2003 16:07:49 +1300
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Hi all Gurus

I want to do authentication against ldap. my ldap appeared to be set properly i.e from client i can run ldapsearch with -Y gssapi and it works fine. when i do getent passwd i do get responce from ldap.but when i do ssh to the server (enbled in pam) i get the following message in my logs

Feb 13 16:06:21 medusa05 sshd(pam_unix)[29603]: check pass; user unknown Feb 13 16:06:21 medusa05 sshd[29603]: PAM-listfile: getgrgid(8509) failed Feb 13 16:06:21 medusa05 sshd[29603]: pam_krb5afs: authentication succeeds for `pche066' Feb 13 16:06:21 medusa05 sshd[29603]: pam_krb5afs: Got 130 extra bytes in v4 TGT Feb 13 16:06:24 medusa05 sshd[29603]: Failed password for pche066 from 130.216.35.160 port 33224 ssh2

can anybody hep me in rectifying this problem ? secondly in my ldap database i have following entry

 # pche066, People, cs.auckland.ac.nz
dn: uid=pche066,ou=People,dc=cs,dc=auckland,dc=ac,dc=nz
description: created by ldapa - `me mi my mo, me mo my me'
cn: pche066
objectClass: posixAccount
objectClass: account
objectClass: top
loginShell: /bin/bash
userPassword:: e2tlcmJlcm9zfXBjaGUwNjZARUMuQVVDS0xBTkQuQUMuTlo=
uid: pche066
homeDirectory: /afs/ec.auckland.ac.nz/users/p/c/pche066/unixhome
gecos: pche066
uidNumber: 22091
gidNumber: 8509


well, do i have to change userPassword to make it read as
userPassword: {KERBEROS}pche066@EC.AUCKLAND.AC.NZ


to make ssh work

Thanks a lot for yr help so far

Regards

-Bobby

Follow-Ups:
- Re: ldap authentication
  - From: Mitrana Cristian <cmitrana@xnet.ro>

Prev by Date: Re: i have no name!
Next by Date: Memory and CPU usage
Index(es):
- Chronological
- Thread