Re: Kerberos with Activedirectory or password hashing

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: Kerberos with Activedirectory or password hashing
Date: Sat, 08 Oct 2011 16:22:45 +0200

On Fri, 2011-10-07 at 14:04 -0700, John Andrunas wrote:
> I have successfully gotten nslcd to bind to Windows Active Directory
> using a simple bind, but so far have been unable to get it to bind
> with Kerberos.

For Kerberos authentication you should use pam_krb5. You could use
Kerberos to authenticate nslcd to the LDAP server nslcd does not do
Kerberos authentication for normal users.

To authenticate nslcd using Kerberos you should set sasl_mech to GSSAPI
and configure the sasl_realm and krb5_ccname options (and leave out
binddn/bindpw) (at least that what has been reported I personally don't
use Kerberos).

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Kerberos with Activedirectory or password hashing, John Andrunas
- Re: Kerberos with Activedirectory or password hashing, Arthur de Jong

Prev by Date: Kerberos with Activedirectory or password hashing
Next by Date: debian 6 nslcd and ldap auth to AD
Previous by thread: Kerberos with Activedirectory or password hashing
Next by thread: debian 6 nslcd and ldap auth to AD