> Firstly, have you created a valid kerberos principal
> in the Solaris 9 KDC database for the ldap user in question?
The user has the following DN:
uid=bob,ou=people,ou=sale,ou=examplecity,dc=example,dc=com
and the principal is bob/sale.examplecity.example.com. The mapping looks like

dsmatching-pattern: ${Principal}
dsmatching-regexp: (.*)/(.*).(.*)[EMAIL PROTECTED]
dsmappeddn: uid=$1,ou=people,ou=$2,ou=$3,dc=example,dc=com

> And for pam-kerberos to work correctly, you would need to set up
> pam.conf correctly for the required service (which in this case
> is login, I presume) on the client.

I did that too. The lines for authentication look like

(...)
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_krb5.so use_first_pass
(...)

I'm not sure if the thing with the host principal worked well. Do I always need a principal for the host, and what's the easiest way to create a principal for a Linux box on a Solaris KDC?

Thanks for answers,
Johannes
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos