[30565] in Kerberos


Re: LDAP + Kerberos grouping/password

daemon@ATHENA.MIT.EDU (Coy Hile)
Fri Dec 19 10:53:27 2008

Date: Fri, 19 Dec 2008 15:52:26 +0000 (UTC)
From: Coy Hile <coy.hile@coyhile.com>
To: Mathew Rowley <mathew_rowley@cable.comcast.com>
In-Reply-To: <C5710F5D.512C%mathew_rowley@cable.comcast.com>
Message-ID: <Pine.LNX.4.64.0812191551090.18788@chaos.coyhile.com>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Fri, 19 Dec 2008, Mathew Rowley wrote:

> Do you have to sync passwords between Kerberos and LDAP if I am using LDAP
> for user specific information?  For example, if I ssh to a box, I want it to
> authenticate with kerberos, but get the gid/uid/shell/homedir from LDAP.  Is
> there a way to specify the LDAP PAM module not to auth against LDAP, just
> get the user information?
>

The user information is obtained via nss calls.  That's not controlled by
PAM at all.  You shouldn't need ldap mentioned in your PAM config at all.
Fix your nss config and you should be fine.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
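
The split described in the reply above (account data through NSS, authentication through PAM), as an added example that is not part of the original message: a Python check over constructed nsswitch.conf and pam.d/sshd contents. The sample file contents, the function names and the use of pam_krb5.so as the Kerberos PAM module are assumptions.

```python
import re

# Constructed sample files (not from the thread): NSS resolves accounts via
# LDAP while the PAM auth stack for sshd uses Kerberos only.
NSSWITCH = """\
passwd: files ldap
group:  files [NOTFOUND=continue] ldap
shadow: files
"""
PAM_SSHD = """\
auth     sufficient  pam_krb5.so
auth     required    pam_deny.so
account  required    pam_unix.so
session  required    pam_unix.so
"""
BRACKETED = re.compile(r"\[[^\]]*\]")  # NSS actions / PAM bracketed controls

def _lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def nss_sources(text, database):
    """Sources nsswitch.conf lists for one database, e.g. ['files', 'ldap']."""
    for line in _lines(text):
        name, _, rest = line.partition(":")
        if name.strip() == database:
            return BRACKETED.sub(" ", rest).split()
    return []

def pam_modules(text, facility):
    """Module file names configured for one PAM facility (auth, account, ...)."""
    mods = []
    for line in _lines(text):
        fields = BRACKETED.sub("ctl", line).split()
        if len(fields) >= 3 and fields[0].lstrip("-") == facility:
            mods.append(fields[2].rsplit("/", 1)[-1])
    return mods

def audit(nss_text, pam_text):
    """Report where account lookups and authentication are wired."""
    auth = pam_modules(pam_text, "auth")
    return {
        "accounts_from_ldap": all("ldap" in nss_sources(nss_text, db)
                                  for db in ("passwd", "group")),
        "krb5_in_pam_auth": "pam_krb5.so" in auth,
        "ldap_in_pam_auth": "pam_ldap.so" in auth,
    }

if __name__ == "__main__":
    print(audit(NSSWITCH, PAM_SSHD))
```

On a live host, `getent passwd <user>` exercises the same NSS path without touching PAM.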
