Re: Kerberos and LDAP
I tried 'id ronni' which did not work.
Then I stopped nscd and success! I am now able to login using the user
Now, I have read a lot, and seem to have lost the complete overview of
how it all works together. Can someone explain to me, just in a
superficial way, how it fits together or point me to a link?
My next step is to get Kerberos working with SSH. As I understand it, I
have to configure SSH to use Kerberos to authenticate the user by
forwarding my local Kerberos key; is that correct?
Thank you for your help so far!
On Thu, 2008-10-30 at 12:52 +0100, Davor Ocelic wrote:
> On Thu, 30 Oct 2008 10:36:35 +0100
> Ronni Feldt <firstname.lastname@example.org> wrote:
> > Hi,
> > I'm still trying to get this to work.
> > tail /var/log/auth.log on workstation says this:
> > Oct 30 10:29:02 rofe login: pam_unix(login:auth): check pass; user unknown
> > Oct 30 10:29:02 rofe login: pam_unix(login:auth): authentication failure; logname=rofe uid=0 euid=0 tty=tty2 ruser= rhost=
> > Oct 30 10:29:02 rofe login: pam_unix(login:account): could not identify user (from getpwnam(ronni))
> Tcpdump is overkill in this simple scenario.
> A requirement for the login to succeed is to have commands such as
> 'id mirko' or 'id ronni' return the getent information for the
> requested user.
> Not always, but 'getent passwd' should in most cases also return
> an output that looks like a passwd file, but has both local and
> remote entries included.
> For that, you need libnss-ldap package installed & configured on
> the client. (Configuration consists of libnss-ldap.conf and
> Also, if you have nscd installed on the client, turn it off for
> a while until you get 'id ronni' working.
> After you get that working first, move onto getting the actual
> login step.
> Kerberos mailing list Kerberos@mit.edu
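
The triage described in the thread, as an added example that is not part of the original messages: it separates name-service (NSS) lookup failures from credential failures in pam_unix log lines, then re-checks each name the way `id <user>` does. The function names, result labels and the fourth sample line are assumptions made for illustration.

```python
import pwd
import re

# Constructed sample: the first three lines follow the auth.log excerpt quoted
# in the thread; the fourth is an invented credential failure for a known user.
SAMPLE_LOG = """\
Oct 30 10:29:02 rofe login: pam_unix(login:auth): check pass; user unknown
Oct 30 10:29:02 rofe login: pam_unix(login:auth): authentication failure; logname=rofe uid=0 euid=0 tty=tty2 ruser= rhost=
Oct 30 10:29:02 rofe login: pam_unix(login:account): could not identify user (from getpwnam(ronni))
Oct 30 10:31:40 rofe login: pam_unix(login:auth): authentication failure; logname=rofe uid=0 euid=0 tty=tty2 ruser= rhost=  user=mirko
"""

# The account phase could not map the login name to a passwd entry at all.
GETPWNAM_RE = re.compile(
    r"pam_unix\([^:)]+:account\): could not identify user "
    r"\(from getpwnam\((?P<user>[^)]*)\)\)")
# pam_unix appends user=<name> when the account resolved but auth failed.
# \b keeps the empty "ruser=" field from matching.
AUTHFAIL_RE = re.compile(
    r"pam_unix\([^:)]+:auth\): authentication failure;.*\buser=(?P<user>\S+)")


def resolves(user):
    """Same lookup 'id <user>' performs: libc getpwnam through nsswitch.conf.
    With nscd running the answer may come from its cache, stale or not."""
    try:
        pwd.getpwnam(user)
        return True
    except KeyError:
        return False


def classify(log_text, resolver=resolves):
    """Map each user seen in the log to a hypothetical triage label."""
    findings = {}
    for line in log_text.splitlines():
        m = GETPWNAM_RE.search(line)
        if m:
            user = m.group("user")
            # Still unresolvable: fix libnss-ldap / nsswitch before PAM.
            findings[user] = ("resolves-now" if resolver(user)
                              else "nss-lookup-failing")
            continue
        m = AUTHFAIL_RE.search(line)
        if m:
            findings.setdefault(m.group("user"), "credential-failure")
    return findings


if __name__ == "__main__":
    for user, verdict in classify(SAMPLE_LOG).items():
        print(f"{user}: {verdict}")
```

A `resolves-now` verdict for a user who still cannot log in points at a stale cached answer, which is why the quoted advice is to turn nscd off while testing.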