[19439] in Kerberos
Re: Kerberos-Gssapi-ldap-pam interaction
daemon@ATHENA.MIT.EDU (John Morris)
Wed Jun 18 20:03:47 2003
To: kerberos@mit.edu
From: John Morris <john@butchwax.com>
In-Reply-To: <1053514889.13270.9.camel@balcsi.vectra.startv.hu>
Date: 18 Jun 2003 19:02:41 -0500
Message-ID: <m3brwvkk7y.fsf@capsulecorp.lan.butchwax.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 8bit
Errors-To: kerberos-bounces@mit.edu
I'm using it for account management. The 'groupdn' feature is a nice
way to set a per host ACL for who's allowed login. Otherwise, between
nss_ldap and pam_krb5, it's not needed.
John
Balazs GAL <balsa@rit.bme.hu> writes:
> 2003-05-14, sze keltezéssel Jerome Walter ezt írta:
>
> > The first step i am trying to reach is to get this working :
> > auth -> Kerberos
> > account -> LDAP
> > password -> Kerberos
>
> I dont understand why you use pam_ldap?
>
> I think pam_krb5.sf.net for authentication and nss_ldap for
> authorization are a good pair for most unix domains.
>
> balsa
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
John Morris
+1-512-833-6004
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
