Chris Samuel <[EMAIL PROTECTED]> writes:

> We were trying to do that for one of our members, but
> were told by the AD admins that we could only use the
> user's credentials to bind to the AD server for queries
> as they were using lockouts on failed password attempts
> and so would not provide a "system" style account for
> queries as locking that out would stop all users from
> accessing the cluster.

I don't understand that. If you need LDAP data, as opposed to just Kerberos authentication, and you're not allowed anonymous access to it, you either use a `well-known' password on a special account (which you're probably also not allowed...) or the `machine' account. The latter is what you get from `joining the domain' (e.g. with Samba) and, as far as I remember, is just the system's Kerberos host principal, whose key you stash in a keytab.

Obviously avoid AD if you can, though.

_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf