what I can't figure out is how to hold directory information in the ldap server, the password in kerberos and set up pam_ldap to use the password given to the login process to acquire a ticket from the kerberos server,
AFAIK that is what pam_krb5 does.
and have ldap/sasl-gssapi use the identity based on the kerberos authentication to retrieve all the necessary account and user information from the ldap server (shell, user, uidnumber etc.).
That would mean pam_ldap and nss_ldap have to support SASL/GSSAPI to bind with your kerberos credentials to the directory. I don't think it is possible/supported (would be nice anyway).
if anybody has set up this configuration could they please outline the steps taken to set up pam_ldap and the pam.d/login (or system-auth) files correctly.
thanks in advance
hth Paul