On Sun, 2003-08-31 at 00:57, Stephen Frost wrote:
> * Matthijs Mohlmann ([EMAIL PROTECTED]) wrote:
> > I use KerberosV for authentication. For all types of data I use OpenLDAP
> > and for login into a computer on a network I use PAM.
> [...]
> > Now I want this together. But I don't know how. I've read the
> > documentation from PAM but I don't get it.
> >
> > What I want is the security of KerberosV and the flexibility of
> > OpenLDAP.
>
> If you want the security of Kerberos you shouldn't be using pam_krb5
> ever or having userPassword in OpenLDAP at all.
>
> > My configuration is now that in OpenLDAP is an attribute userPassword and
> > this attribute points to the KerberosV database.
>
> This means that the password is sent in cleartext from the client to the
> server, totally against the Kerberos security model which *never* allows
> the password across in cleartext.
>
> What you need is to get Kerberized clients and servers and to remove
> pam_krb5 from everything.
>
> Stephen

Do you have another idea? I want to log in on my KerberosV server and
then I have to type my password. I have my libpam-krb5 module only in
/etc/pam.d/login and /etc/pam.d/gdm. Is there something else you can
advise me to take?

I also have another problem with gdm. When I make this change to
libnss-ldap.conf:

-host server.active2.homelinux.org
+uri ldaps://server.active2.homelinux.org/

then gdm will not run. I've the debug option in gdm.conf on true but the
logs don't say anything about the problem.