[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Configuring Solaris 8 clients

On Thu, 27 Mar 2003, Matthew Mauzy wrote:

> > My guess is that anonymous cannot read userPassword attribute, or the
> > userPassword attribute is not of the {crypt}xxxxxxxxxxxxx form.
> Correct.  My userPassword attribute is {KERBEROS}prinical@REALM

To my knowledge this will not to work, I tried other hashes such as md5
and cleartext and non of them worked.  userPassword has to use {crypt}

> I am now getting account info from LDAP.  Only problem is getting PAM
> stacked correctly to allow login via ssh/telnet/xdm for LDAP accounts.  I
> can su into the account, but logins fail to no local accounts.

If you leave default pam config, login pam_unix_auth will be used which in
turn will consult nsswitch.  You can configure pam to use ldap directly,
check 'man pam_ldap'.  It is very simple.