On 2006-02-10 15:16:07 +0100, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> said:
> Yes, It's the first solution that I have tried. > login->pam_krb5->kerberos + ldap for account > > And I would to test the login->pam_ldap->openldap->SASL->kerberos just > for fun :) > with this way, all client can connect to the server with ldap (no need > of kerberos). Kerberos client can supplementary have a ticket. But I > don't know if this is possible with just ldap in pam. > But kerb and next ldap in pam works. But this means that the password is in LDAP, you have NO credentials upon login. SASL/GSSAPI are meant to be used against kerberos granting access to some resources like ldap entries, not to obtain a ticket... -- Sensei <[EMAIL PROTECTED]> Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest. (Isaac Asimov) ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
