[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: MIT Kerby 5/LDAP integration: Initial success?

On Sunday 07 March 2004 21:49, Kevin wrote:
> Hi All-
> Many thanks to all on this list who've helped me get
> to where I think I am now.
> I'm kind of excited and writing to report what seems
> to be at least an initial success (still have to get
> AFS data worked into this picture), and to ask some
> more questions about how it works and where some
> things are stored (number of failed login attempts).

Also, after logging in as a nonsense user, I checked a 
couple of things:

$ whoami
as expected (the contents of the uid field from LDAP)

$ id
uid=uidNumber as expected, gid=gidNumber as expected, 
but along with the gid (expected) groups is also 
showing these two: groups=33838,39880.

I have no idea where these come from.  They are not 
group numbers from the client's /etc/group file, 
they're not in the LDAP Directory.  Can anyone tell me 
what other sources are consulted in this process and 
thus where these group numbers might be coming from?

I do want to create the ability to have a user present 
only in the LDAP Directory be able to belong to 
multiple groups, and I'm sure that's an option, but 
I'm still not sure how to implement it and this might 
give me some insight.

What other pieces of data does the login program obtain 
from the LDAP Directory (and/or elsewhere)?