kerberos with kdap

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

kerberos with kdap

Rowan Woodhouse
Hi,

I'm trying to get Kerberos authentication work with LDAP and have come
up against a bit of a personal brick wall... Both the client and server
systems are Debian 3.1 (Sarge) with the debian kerberos and ldap
packages installed.

Kerberos auth works fine for local users (ie I can ssh in with a
kerberos ticket) but if I try the same with a ldap user then it fails.
If I su to the ldap defined user I get "su: Authentication service
cannot retrieve authentication info". The strange thing is that if I
finger the ldap user I get the normal information back and they are also
listed when I do a getent passwd.

Does anyone have any ideas about what could be causing this?

Thanks,

Rowan
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: kerberos with kdap

Turbo Fredriksson-3
Quoting Rowan Woodhouse <[hidden email]>:

> Kerberos auth works fine for local users (ie I can ssh in with a
> kerberos ticket) but if I try the same with a ldap user then it
> fails. If I su to the ldap defined user I get "su: Authentication
> service cannot retrieve authentication info".

Did you update the /etc/pam.d/su file? Should look like the /etc/pam.d/ssh
file...

> The strange thing is
> that if I finger the ldap user I get the normal information back and
> they are also listed when I do a getent passwd.

That's taken care of by the LibNSS/LDAP module so that's 'completely'
different...

> Does anyone have any ideas about what could be causing this?

Check you logs and maybe run su 'within' strace...
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos