I have a working installation with account information in ldap, workstations accessing account information via libnss-ldap and nscd. Further, a kerberos kdc with principals matcing users in ldap. All machines have a krb5.keytab. Home directories are currently served via nfs from one server to the workstations.
[...]
But with the centralized account handling described above I'm running out of options. Do I need to modify the /etc/pam.d/ssh file although I do not want to send any passwords over the network (even in a ssh-session)?
The first thing I would try is running both sshd and ssh in debug mode. I usually start sshd like "sshd -Deddd -p 3022" and ssh like "ssh -vvv -p 3022 hostname"
Give that a shot, and it should hopefully explain in a pretty straightforward way what the problem is.
-Mark
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
