[KLUG Members] Kerberos
Adam Tauno Williams
awilliam at whitemice.org
Tue Sep 20 21:01:38 EDT 2005
> >>I'm trying to set up Kerberos Authentication for Apache2 on SLES9.
> >>I've been unable to find rpm's or successfully compile an auth mod for
> >>Apache2.
> >>I decided to use pam_auth_mod and configure pam to use kerberos.
> >>The problem I'm running into is this.
> >>When I log in to the system either using pam or via apache the request
> >>never gets sent to the Kerberos server unless there is an existing local
> >>account in passwd. Then even if there is a local account kerberos auth
> >>still fails.
> >What are you using for NSS?
Kerberos is an authorization/authentication system; it is not a name
service. It must be used in conjunction with a name service - so you
can set up LDAP or <trembles/> NIS.
> nsswitch.conf:
> passwd: compat
> group: compat
There you go - there is no name service.
> I can't su to the user because I can't auth as the user.
Because there is no name service to provide getpwent for the user.
> I 'kinit username'
> It asks for a password and accepts the correct password.
Sure, because Kerberos doesn't need the account info - it just wants you
to prove the identity that you claim to be. The Operating System
however needs the account information.
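The distinction drawn in the message above (kinit succeeds, but the OS cannot look the account up), as an added diagnostic sketch that is not part of the original post. The function names and the sample nsswitch.conf contents are constructed for illustration; treating `files` and `compat` as local-only is a simplification, since `compat` can consult NIS for `+`/`-` entries in /etc/passwd.

```shell
#!/bin/sh
# passwd_sources FILE: print the sources on the "passwd:" line of an
# nsswitch.conf-style file, one per line, without comments or [action] items.
passwd_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' \
        -e 's/^[[:space:]]*passwd:/passwd: /' "$1" |
        awk '$1 == "passwd:" { for (i = 2; i <= NF; i++) print $i; exit }'
}

# classify_passwd FILE: "local-only" if every source is files/compat,
# "directory" if any other source (ldap, nis, ...) is listed,
# "missing" if there is no passwd line at all.
classify_passwd() {
    sources=$(passwd_sources "$1")
    [ -n "$sources" ] || { echo missing; return; }
    for s in $sources; do
        case $s in
            files|compat) ;;
            *) echo directory; return ;;
        esac
    done
    echo local-only
}

# diagnose USER FILE: explain why a login for USER can fail although
# "kinit USER" accepts the password. getent performs the same NSS lookup
# that su and PAM account handling depend on.
diagnose() {
    if getent passwd "$1" >/dev/null 2>&1; then
        echo "$1: account resolves via NSS"
    elif [ "$(classify_passwd "$2")" = local-only ]; then
        echo "$1: no passwd entry, and only local sources are configured"
    else
        echo "$1: no passwd entry in any configured source"
    fi
}

# Constructed samples: the configuration quoted in the thread, and a
# variant with an LDAP source added.
demo_dir=$(mktemp -d)
printf 'passwd: compat\ngroup: compat\n' > "$demo_dir/thread.conf"
printf 'passwd: files ldap [NOTFOUND=return]  # constructed\ngroup: files ldap\n' \
    > "$demo_dir/ldap.conf"
echo "thread config: $(classify_passwd "$demo_dir/thread.conf")"
echo "with ldap:     $(classify_passwd "$demo_dir/ldap.conf")"
```

On a real host, call `diagnose username /etc/nsswitch.conf` for the principal that kinit accepts.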