Bobby Cheema wrote:
Hi all Gurus
I want to do authentication against LDAP. My LDAP appears to be set up properly, i.e. from the client I can run ldapsearch with -Y gssapi and it works fine. When I do getent passwd I do get a response from LDAP. But when I ssh to the server (enabled in PAM) I get the following messages in my logs:
Feb 13 16:06:21 medusa05 sshd(pam_unix)[29603]: check pass; user unknown
Feb 13 16:06:21 medusa05 sshd[29603]: PAM-listfile: getgrgid(8509) failed
Feb 13 16:06:21 medusa05 sshd[29603]: pam_krb5afs: authentication succeeds for `pche066'
Feb 13 16:06:21 medusa05 sshd[29603]: pam_krb5afs: Got 130 extra bytes in v4 TGT
Can anybody help me in rectifying this problem? Secondly, in my LDAP database I have the following entry:
# pche066, People, cs.auckland.ac.nz
dn: uid=pche066,ou=People,dc=cs,dc=auckland,dc=ac,dc=nz
description: created by ldapa - `me mi my mo, me mo my me'
cn: pche066
objectClass: posixAccount
objectClass: account
objectClass: top
loginShell: /bin/bash
userPassword:: e2tlcmJlcm9zfXBjaGUwNjZARUMuQVVDS0xBTkQuQUMuTlo=
uid: pche066
homeDirectory: /afs/ec.auckland.ac.nz/users/p/c/pche066/unixhome
gecos: pche066
uidNumber: 22091
gidNumber: 8509
Well, do I have to change userPassword to make it read as
userPassword: {KERBEROS}pche066@EC.AUCKLAND.AC.NZ
to make ssh work?
If you want to authenticate against a KDC, why use LDAP in between? Use the GSSAPI patches for openssh (assuming that's what you're using).
hth, mitu
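
An added example, not part of either poster's message: a small LDIF reader that decodes the base64 (`::`) userPassword value from the entry above to show which scheme prefix it already carries, and compares the gid in the PAM-listfile log line with the entry's gidNumber. The function names are illustrative, and the sample input is an abridged copy of the posted entry and log line.

```python
import base64
import re

# Abridged copy of the entry and one log line from the thread above.
LDIF = """\
dn: uid=pche066,ou=People,dc=cs,dc=auckland,dc=ac,dc=nz
objectClass: posixAccount
userPassword:: e2tlcmJlcm9zfXBjaGUwNjZARUMuQVVDS0xBTkQuQUMuTlo=
uid: pche066
uidNumber: 22091
gidNumber: 8509
"""
LOG = "Feb 13 16:06:21 medusa05 sshd[29603]: PAM-listfile: getgrgid(8509) failed"


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr: [values]}; 'attr:: v' is base64."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entry = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        m = re.match(r"([A-Za-z0-9;.-]+):(:?)\s*(.*)$", line)
        if not m:
            continue
        name, is_b64, value = m.groups()
        if is_b64:
            value = base64.b64decode(value).decode("utf-8")
        entry.setdefault(name, []).append(value)
    return entry


def password_scheme(value):
    """Split '{scheme}rest' into (SCHEME, rest); scheme is None if absent."""
    m = re.match(r"\{([^}]+)\}(.*)$", value)
    return (m.group(1).upper(), m.group(2)) if m else (None, value)


def failed_gid(log_line):
    """Return the gid from a 'getgrgid(N) failed' log line, or None."""
    m = re.search(r"getgrgid\((\d+)\) failed", log_line)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    entry = parse_ldif_entry(LDIF)
    print(password_scheme(entry["userPassword"][0]))
    print(failed_gid(LOG) == int(entry["gidNumber"][0]))
```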