On Thu, 27 Mar 2003, Matthew Mauzy wrote:
> My guess is that anonymous cannot read userPassword attribute, or the
> userPassword attribute is not of the {crypt}xxxxxxxxxxxxx form.

Correct. My userPassword attribute is {KERBEROS}principal@REALM

To my knowledge this will not work, I tried other hashes such as md5
and cleartext and none of them worked. userPassword has to use {crypt}
hash.

I am now getting account info from LDAP. Only problem is getting PAM
stacked correctly to allow login via ssh/telnet/xdm for LDAP accounts. I
can su into the account, but logins fail to no local accounts.

If you leave default pam config, login pam_unix_auth will be used which in
turn will consult nsswitch. You can configure pam to use ldap directly,
check 'man pam_ldap'. It is very simple.
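
An added example, not part of the original message: a small audit script that reads an LDIF export and reports which entries carry a `{crypt}` userPassword, the only form the reply above says works on the default pam_unix-via-nsswitch path. The sample entries, DNs and status labels are constructed for illustration.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([^}]+)\}")

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample export (not from the thread). ldapsearch prints some
# values base64-encoded, marked by a double colon after the attribute name.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword:: " + _b64(b"{crypt}abXXXXXXXXXXX"),
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword: {KERBEROS}bob@EXAMPLE.COM",
    "",
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "userPassword:: " + _b64(b"{MD5}XXXXXXXXXXXXXXXXXXXXXX=="),
    "",
    "dn: uid=dave,ou=People,dc=example,dc=com",
    "uid: dave",
])

def parse_ldif(text):
    """Yield (dn, userPassword or None) for each entry."""
    text = text.replace("\n ", "")  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or name.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs[name.lower()] = value.strip()
        yield attrs.get("dn"), attrs.get("userpassword")

def classify(pw):
    """Status of one userPassword value for the {crypt}-only login path."""
    if pw is None:
        return "no-password"  # attribute absent, or hidden from the bind DN by ACLs
    m = SCHEME_RE.match(pw)
    scheme = m.group(1).lower() if m else "cleartext"
    return "crypt-ok" if scheme == "crypt" else "not-crypt:" + scheme

def audit(ldif_text):
    return {dn: classify(pw) for dn, pw in parse_ldif(ldif_text)}

if __name__ == "__main__":
    for dn, status in audit(SAMPLE_LDIF).items():
        print(f"{status:22} {dn}")
```

Run it against an export made with the same bind identity the client uses (anonymous, in the first guess quoted above), so that attributes hidden by ACLs show up as `no-password`.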