RSS feed

Example nslcd.conf file for kerberos?

[Date Prev][Date Next] [Thread Prev][Thread Next]

Example nslcd.conf file for kerberos?

I have installed nss-pam-ldap and am now proceeding with my testing. Thanks for your help with the hints about how to compile the package.

Is there an example nslcd.conf file when working with kerberos authentication?
What I have tested so far is as follows. I have setup a real user that the daemon will run as, and have given that user a valid kerberos tgt. That allows authentication and reading my ldap database (Microsoft 2003 R2 with SFU3.0 (active directory)). For example, with nslcd running, the command,
$ getent passwd

works and returns local users and users defined in the SFU schema. Yeah!

To get this working, I have set the values in the configuration file, nslcd.conf:

sasl_mech gssapi
sasl_authcid u:nslcd

I have not set a value for sasl_authzid. I assume it is able to find the tgt, because the ldap queries are returned with data. However, in debug mode I see these entries at the end of a query:
DEBUG: do_sasl_interact(): were asked for sasl_authzid but we don't have any
DEBUG: ldap_result(): end of results

Are the above messages normal, or something indicating a configuration error?

By the way, do you know if there is a standard method for client services, like nslcd, for renewing and watching for end of lifetimes on the kerberos tgt?

Thank you,
Douglas Mayne

p.s. Please, excuse my ignorance. I am just trying to understand this.

To unsubscribe send an email to or see