Hi
Situation:
I am trying SSO.
I have an OpenLDAP 2.3 server running on FreeBSD 6.2.
I have clients configured with nss_ldap and pam_ldap using plaintext
authentication, and it works (id USERNAME, getent USERNAME and ssh login).
Next, I added a Kerberos server (Heimdal) on the OpenLDAP server.
a) I added the ldap/server.mydomain principal in the Kerberos server and
point slapd.conf to use the new keytab.
b) I added the nssldap/client.mydomain principal in the Kerberos server and
put it in the client server (FreeBSD 6.2) as /etc/nssldap.keytab.
Then I have a cron job running on the client server:
/usr/bin/kinit -t /etc/nssldap.keytab -c /tmp/.ldapcache -k
nssldap/fbsd63c2.localdomain && chmod 644 /tmp/.ldapcache
c) Then I configured the client server to use SASL for
nss_ldap/pam_ldap.
On the client server, I want the client to authenticate via pam_ldap instead
of pam_krb5.
Now 'ldapwhoami', 'id username' and 'getent passwd' work, but the user
cannot log in.
I think this is a pam_ldap and SASL problem, any suggestions?
Below is the relevant part of my ldap.conf (used by nss_ldap/pam_ldap):
krb5_ccname FILE:/tmp/.ldapcache
# nss_ldap
use_sasl yes
sasl_authid nssldap/fbsd63c2.localdomain
rootuse_sasl yes
rootsasl_auth_id nssldap/fbsd63c2.localdomain
# pam_ldap
pam_sasl_mech GSSAPI
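As an added check, not part of the original post: a small Python script that cross-checks the posted ldap.conf fragment against the cron job's kinit line (both embedded as constructed copies of the text above), confirming that krb5_ccname and the SASL auth ids match what kinit produces, and flagging the chmod 644 on the credential cache, which leaves the nssldap service ticket readable by every local account.

```python
import re

# Constructed from the post: the ldap.conf fragment and the cron job's kinit line.
LDAP_CONF = """\
krb5_ccname FILE:/tmp/.ldapcache
use_sasl yes
sasl_authid nssldap/fbsd63c2.localdomain
rootuse_sasl yes
rootsasl_auth_id nssldap/fbsd63c2.localdomain
pam_sasl_mech GSSAPI
"""
CRON_CMD = ("/usr/bin/kinit -t /etc/nssldap.keytab -c /tmp/.ldapcache -k "
            "nssldap/fbsd63c2.localdomain && chmod 644 /tmp/.ldapcache")

def parse_ldap_conf(text):
    # 'key value' lines -> dict; blank lines and '#' comments are skipped
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            conf[key.lower()] = value.strip()
    return conf

def parse_kinit(cmd):
    # ccache path (-c), principal (kinit's last argument) and any chmod mode
    kinit_part, _, rest = cmd.partition("&&")
    cc = re.search(r"-c\s+(\S+)", kinit_part)
    mode = re.search(r"chmod\s+([0-7]+)", rest)
    return {"ccache": cc.group(1) if cc else None,
            "principal": kinit_part.split()[-1],
            "mode": int(mode.group(1), 8) if mode else None}

def check(conf, kinit):
    # returns (code, detail) findings; an empty list means the two agree
    findings = []
    ccname = conf.get("krb5_ccname", "")
    ccpath = ccname[5:] if ccname.upper().startswith("FILE:") else ccname
    if ccpath != kinit["ccache"]:
        findings.append(("ccache-mismatch", f"{ccpath} vs {kinit['ccache']}"))
    for key in ("sasl_authid", "rootsasl_auth_id"):
        if key in conf and conf[key] != kinit["principal"]:
            findings.append(("authid-mismatch", f"{key}={conf[key]}"))
    # other-read bit set: any local account can read the cache and bind as nssldap
    if kinit["mode"] is not None and kinit["mode"] & 0o004:
        findings.append(("ccache-world-readable", oct(kinit["mode"])))
    return findings

def audit(conf_text=LDAP_CONF, cron_cmd=CRON_CMD):
    return check(parse_ldap_conf(conf_text), parse_kinit(cron_cmd))
```

Run against the posted values, the only finding is the world-readable cache; a mode of 0600 (or a root-only cache directory) makes it return an empty list.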