Hi, Can someone please tell me how to configure login on the FreeBSD-5.1-RELEASE box to use ldap authentication (using SASL/GSSAPI), pam_krb5, pam_ldap and nss_ldap modules repectively. I have successfully configured openldap21-2.1.20_1 with heimdal-0.5.1. I can execute ldapsearch, ldapadd etc using SASL/GSSAPI mechanism without any problems at all on the local box. On /usr/local/etc/openldap/slapd.conf I've added the following extra stuff:
require SASL sasl-realm MYDOMAIN.COM sasl-host test.mydomain.com sasl-secprop noplain,noanonymous,minssf=56 sasl-regex uid=(.*),cn=MYDOMAIN.COM,cn=gssapi,cn=auth uid=$1,ou=People,dc=mydomain,dc=com The pam_krb5, nss_ldap, pam_ldap modules are working fine since login is working fine with anonymous LDAP bind. But everything stops when I am disabling anonymous bind. My /etc/pam.d/login file is as follows: auth required pam_nologin.so no_warn auth sufficient pam_self.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_krb5.so no_warn try_first_pass auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok # account account required pam_krb5.so account sufficient /usr/local/lib/pam_ldap.so account required pam_login_access.so account required pam_securetty.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_lastlog.so no_fail # password password sufficient pam_krb5.so no_warn try_first_pass password sufficient /usr/local/lib/pam_ldap.so password required pam_unix.so no_warn try_first_pass Any help will be greatly appreciated. Thanks in advance, skb _______________________________________________ Join Excite! - http://www.excite.com The most personalized portal on the Web! _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
