Hello,
I am having problems understanding kerberos, LDAP and Cyrus SASL
interaction.
I am using LDAP to store the users information like uid, home directory,
grouid, geco (passwd without the password field).
I have kerberos configured and working.
I understand that SASL is a layer that provides authentication mechanims
to protocols like LDAP. By using GSSAPI, as soon as I get a Kerberos TGT
I will be allowed to get a TGS for LDAP. However, if the LDAP directory
holds my userid and groupid, necessary to pam_krb5, and if I need a TGT
to access a TGS for ldap how will I be able to login.
If I have the concepts wrong please let me know.