Mathew Rowley wrote: > Do you have to sync passwords between Kerberos and LDAP if I am using LDAP > for user specific information? For example, if I ssh to a box, I want it to > authenticate with kerberos, but get the gid/uid/shell/homedir from LDAP. Is > there a way to specify the LDAP PAM module to not to auth against LDAP, just > get the user information?
Not clear why you want to sync passwords. If you want to use Kerberos for authentication, don't authenticate to LDAP, and don't use the passwords. Depending on your OS, you can have them set to NP or *NP* so they can't be used. So don't use the pam_ldap. Let nsswitch find ldap for getting the rest of the info and use pam_krb5. > > Thanks. > -- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
