On Feb 13, 10:16 pm, Luke Scharf <[email protected]> wrote:
>
> Using an x509 host-certificate for host-level authentication?
>
> -Luke

I've done something simpler.

First of all, I've created a Kerberos user for PAM services, with a random key, and I've added it to the /etc/ldap/ldap.keytab file.

    kadmin.local -q "addprinc -randkey [email protected]"
    kadmin.local -q "ktadd -k /etc/ldap/ldap.keytab"

After that, I've added a kinit instruction in the /etc/init.d/kdm service script:

    kinit -kt /etc/ldap/ldap.keytab [email protected]

Finally, I have a problem with kdm(-3.5): the program needs to access the loginShell OpenLDAP attribute to add the user to the userlist. But loginShell often has limited access. So, I added this to slapd.access:

    access to attrs=loginShell
        by dn=uid=pam,cn=paschini.edu,cn=gssapi,cn=auth read
        by dn="cn=admin,dc=paschini,dc=edu" write
        by anonymous auth
        by self write
        by * none

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
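
Added example, not part of the original post and not slapd's own code: a simplified model of how the loginShell rule above is evaluated, showing which level each kind of client ends up with. It assumes first-match "by" evaluation, exact case-insensitive dn= matching, and ordered access levels; the uid=alice and uid=bob DNs are constructed sample values.

```python
# Simplified model of slapd "by" clause selection (illustrative, not slapd code).
# Assumptions: the first matching clause wins, dn= is an exact case-insensitive
# match, and each access level implies all lower ones.
import shlex

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The rule from the post, joined onto one line.
RULE = ('access to attrs=loginShell '
        'by dn=uid=pam,cn=paschini.edu,cn=gssapi,cn=auth read '
        'by dn="cn=admin,dc=paschini,dc=edu" write '
        'by anonymous auth by self write by * none')

PAM = "uid=pam,cn=paschini.edu,cn=gssapi,cn=auth"   # SASL/GSSAPI identity from the post
ALICE = "uid=alice,ou=people,dc=paschini,dc=edu"    # constructed sample entry
BOB = "uid=bob,ou=people,dc=paschini,dc=edu"        # constructed sample entry

def parse_by_clauses(rule):
    """Return [(who, level), ...] in rule order."""
    tokens = shlex.split(rule)       # also strips the quotes around the admin DN
    return [(tokens[i + 1], tokens[i + 2])
            for i, tok in enumerate(tokens) if tok == "by"]

def granted_level(rule, bound_dn, entry_dn):
    """bound_dn is None for an anonymous client; entry_dn owns the attribute."""
    for who, level in parse_by_clauses(rule):
        if who == "*":
            return level
        if who == "anonymous" and bound_dn is None:
            return level
        if bound_dn is None:
            continue                 # remaining clause types need a bound identity
        if who == "self" and bound_dn.lower() == entry_dn.lower():
            return level
        if who.startswith("dn=") and who[3:].lower() == bound_dn.lower():
            return level
    return "none"                    # nothing matched: access is denied

def can(rule, bound_dn, entry_dn, wanted):
    """True if the granted level is at least the wanted level."""
    return LEVELS.index(granted_level(rule, bound_dn, entry_dn)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for label, dn in [("pam service", PAM), ("anonymous", None),
                      ("alice (self)", ALICE), ("bob (other user)", BOB)]:
        print(f"{label:18} -> {granted_level(RULE, dn, ALICE)}")
```

In this model the pam identity can read loginShell but not write it, while another authenticated user such as bob falls through to "by * none".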
