[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: gssapi, sasl, pam interaction

To: openldap-software@OpenLDAP.org
Subject: Re: gssapi, sasl, pam interaction
From: paul k <paul@subsignal.org>
Date: Fri, 26 Sep 2003 12:48:26 +0200
In-reply-to: <20030925231253.GE30758@homer.adiw.net>
References: <20030925231253.GE30758@homer.adiw.net>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624

Adrian Worthington wrote:

	  what i can't figure out is how to hold directory information
in the ldap server, the password in kerberos and setup pam_ldap to use
the password given to the login process to aquire a ticket from the
kerberos server,

AFAIK that is what pam_krb5 does.

and have ldap/sasl-gssapi use the identity based on the kerberos authentication to retrieve all the neccessary account and user information from the ldap server (shell, user, uidnumber etc.).

That would mean, pam_ldap and nss_ldap have to support SASL/GSSAPI to bind with your kerberos credentials to the directory, I don't think it is possible/supported (would be nice anyway).

if
anybody has setup this configuration could they please outline the
steps taken to setup pam_ldap and the pam.d/login (or system-auth)
files correctly.

thanks in advance

hth
 Paul

Follow-Ups:
- Re: gssapi, sasl, pam interaction
  - From: Adrian Worthington <adiw@adiw.net>

References:
- gssapi, sasl, pam interaction
  - From: Adrian Worthington <adiw@adiw.net>

Prev by Date: slapd dies sliently
Next by Date: Re: gssapi, sasl, pam interaction
Index(es):
- Chronological
- Thread