Example nslcd.conf file for kerberos?

[ddmayne [at] xmission.com]

I have installed nss-pam-ldap and am now proceeding with my testing.  
Thanks for your help with the hints about how to compile the package.

Is there an example nslcd.conf file when working with kerberos authentication?
What I have tested so far is as follows. I have setup a real user that  
the daemon will run as, and have given that user a valid kerberos tgt.  
That allows authentication and reading my ldap database (Microsoft  
2003 R2 with SFU3.0 (active directory)). For example, with nslcd  
running, the command,
$ getent passwd

works and returns local users and users defined in the SFU schema. Yeah!

To get this working, I have set the values in the configuration file,  
nslcd.conf:

sasl_mech gssapi
sasl_authcid u:nslcd

I have not set a value for  sasl_authzid. I assume it is able to find  
the tgt,  because the ldap queries are returned with data. However, in  
debug mode I see these entries at the end of a query:
DEBUG: do_sasl_interact(): were asked for sasl_authzid but we don't have any
DEBUG: ldap_result(): end of results

Are the above messages normal, or something indicating a configuration error?

By the way, do you know if there is a standard method for client  
services, like nslcd, for renewing and watching for end of lifetimes  
on the kerberos tgt?

Thank you,
Douglas Mayne

p.s. Please, excuse my ignorance. I am just trying to understand this.


--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users