[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: gssapi, sasl, pam interaction



Adrian Worthington wrote:
	  what i can't figure out is how to hold directory information
in the ldap server, the password in kerberos and setup pam_ldap to use
the password given to the login process to aquire a ticket from the
kerberos server,
AFAIK that is what pam_krb5 does.

and have ldap/sasl-gssapi use the identity based on the
kerberos authentication to retrieve all the neccessary account and user
information from the ldap server (shell, user, uidnumber etc.).
That would mean, pam_ldap and nss_ldap have to support SASL/GSSAPI to bind with your kerberos credentials to the directory, I don't think it is possible/supported (would be nice anyway).

if
anybody has setup this configuration could they please outline the
steps taken to setup pam_ldap and the pam.d/login (or system-auth)
files correctly.

thanks in advance

hth
 Paul