[31984] in Kerberos


Re: LDAP/Kerberos client config

daemon@ATHENA.MIT.EDU (mark@mproehl.net)
Tue Jan 26 10:37:44 2010

Message-ID: <4bfcadab7e77f36fe26e2ba3059814b4.squirrel@mproehl.net>
In-Reply-To: <4b5dcb78$0$6912$e4fe514c@dreader17.news.xs4all.nl>
Date: Tue, 26 Jan 2010 16:37:37 +0100 (CET)
From: mark@mproehl.net
To: kerberos@mit.edu

Hi,

Did you check if the credential cache can be accessed by nscd? E.g., if
nscd is running as nobody and /tmp/krb5cc_0 belongs to root, it will not work.

Mark

> Hi all,
>
> Now that I'm satisfied with my OpenLDAP/Kerberos server configuration,
> I'm attempting to devise a suitable (Debian lenny) client setup for it.
>
> Although I hear that it may not be the best approach, I'm currently
> pursuing a client configuration that includes kstart, libnss-ldap, nscd
> and libpam-ldap. At the moment I'm happy with all of it except
> libnss-ldap.
>
> Kstart has no problem obtaining an initial Kerberos ticket, but I can't
> get libnss-ldap to use it to access the DIT. So far my libnss-ldap.conf
> looks like:
>
>    base dc=example,dc=com
>    uri ldap://ldapks1.example.com/
>    ldap_version 3
>    rootuse_sasl yes
>    krb5_ccname FILE:/tmp/krb5cc_0
>
> Any idea what I might be missing?
>
> Thanks,
>
> Jaap
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
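
The ownership check suggested in the reply above, written out as an added example that is not part of the original thread: it takes a `krb5_ccname` value and reports whether a given uid (for instance the one nscd runs as) can read the cache file by owner/group/other mode bits. The function names and the sample uid are hypothetical, and ACLs, MAC policy and parent-directory permissions are not considered.

```python
import os
import stat
import tempfile

def ccache_path(krb5_ccname):
    """Extract the on-disk path from a value like FILE:/tmp/krb5cc_0."""
    kind, sep, rest = krb5_ccname.partition(":")
    if not sep:
        return krb5_ccname  # no type prefix: treated here as a plain file path
    if kind != "FILE":
        raise ValueError("not a FILE: cache: %s" % krb5_ccname)
    return rest

def can_read(path, uid, gids=()):
    """Owner/group/other read check for an arbitrary uid (no ACLs, no MAC)."""
    st = os.stat(path)
    if uid == 0:
        return True  # root bypasses the mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def diagnose(krb5_ccname, uid, gids=()):
    """Return an 'ok', 'denied' or 'missing' message for the daemon's uid."""
    path = ccache_path(krb5_ccname)
    try:
        st = os.stat(path)
        readable = can_read(path, uid, gids)
    except FileNotFoundError:
        return "missing: %s does not exist" % path
    detail = "%s (owner uid %d, mode %04o)" % (
        path, st.st_uid, stat.S_IMODE(st.st_mode))
    verdict = "ok: uid %d can read %s" if readable else "denied: uid %d cannot read %s"
    return verdict % (uid, detail)

if __name__ == "__main__":
    # Constructed stand-in for /tmp/krb5cc_0: a 0600 file owned by the caller.
    fd, sample = tempfile.mkstemp(prefix="krb5cc_demo_")
    os.close(fd)
    os.chmod(sample, 0o600)
    owner = os.stat(sample).st_uid
    other_uid = owner + 4242  # hypothetical unprivileged daemon uid
    print(diagnose("FILE:" + sample, owner))
    print(diagnose("FILE:" + sample, other_uid))
    os.remove(sample)
```
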

