[EMAIL PROTECTED] wrote:
> Yes, it's the first solution that I have tried.
> login->pam_krb5->kerberos + ldap for account
>
> And I would like to test the login->pam_ldap->openldap->SASL->kerberos just
> for fun :)
> with this way, all clients can connect to the server with ldap (no need
> of kerberos). Kerberos client can supplementary have a ticket.

Not really. The user has not authenticated to the client machine.
The user has only authenticated to the ldap server, and the machine
should not trust this, as it has no bindings to the ldap server.
You need to look closely at where the user and password are used
and how does the machine verify that it is the correct ldap server.

> But I don't know if this is possible with just ldap in pam.
> But kerb and next ldap in pam works.
>
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>

--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
