<HTML>
<HEAD>
<TITLE>Re: [Fedora-directory-users] Question re: {KERBEROS} syntax</TITLE>
</HEAD>
<BODY>
<FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>It happens to all of us...<BR>
<BR>
I am still having a couple of issues though (for everyone else listening :)<BR>
<BR>
I changed pamMapMethod to Entry<BR>
I then set pamIDAttr to aliasedObjectName (out of laziness for now)<BR>
<BR>
When I start the slapd with this, I get this..<BR>
<BR>
pam_passthru-plugin - Warning: The following suffixes listed in pamExcludeSuffix or pamIncludeSuffix are not present in this server: o=NetscapeRoot<BR>
<BR>
But, the admin server will still start just fine..<BR>
<BR>
Regardless, the system does not appear to try to use the aliasedobjectname for the user to pass to pam.. (I have KRBPRINC@REALM.COM in aliasedobjectname)..<BR>
<BR>
Any ideas?<BR>
<BR>
Tom<BR>
<BR>
Ps.. If I leave it as RDN, I get no error on startup about suffix and as long as my bind dn matches my krb princ in the default realm, it works.. So I’m halfway there?<BR>
<BR>
<BR>
<BR>
On 7/26/06 9:18 AM, "Paul Engle" <pengle@rice.edu> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>-----BEGIN PGP SIGNED MESSAGE-----<BR>
Hash: SHA1<BR>
<BR>
<BR>
*Blush* Okay, that's just plain embarrassing. That ended up being caused<BR>
by having the 'auth' part in the pam configuratoin but no 'account' line<BR>
for pam_krb5.so.<BR>
<BR>
-paul<BR>
<BR>
- --On Tuesday, July 25, 2006 05:49:51 PM -0400 Tom Ryan<BR>
<tomryan@camlaw.rutgers.edu> wrote:<BR>
<BR>
><BR>
><BR>
><BR>
> On 7/25/06 5:47 PM, "Paul Engle" <pengle@rice.edu> wrote:<BR>
><BR>
><BR>
><BR>
> I'm not familiar with that message. I don't recall having any issues. I<BR>
> wasn't trying do add it to a live server, though. I was working on a<BR>
> development machine and was able to yank the DS up and down with impunity.<BR>
><BR>
><BR>
> In this message,<BR>
><BR>
> <a href="http://www.redhat.com/archives/fedora-directory-users/2006-May/msg00081.h">http://www.redhat.com/archives/fedora-directory-users/2006-May/msg00081.h</a><BR>
> tml<BR>
><BR>
> You noted you had the same error (reset required) when simple binding at<BR>
> first..<BR>
><BR>
> Tom<BR>
<BR>
<BR>
<BR>
- --<BR>
Paul D. Engle | Rice University<BR>
Sr. Systems Administrator | Information Technology - MS119<BR>
(713) 348-4702 | P.O. Box 1892<BR>
pengle@rice.edu | Houston, TX 77251-1892<BR>
-----BEGIN PGP SIGNATURE-----<BR>
Version: GnuPG v1.2.6 (GNU/Linux)<BR>
<BR>
iD8DBQFEx2vHCpkISWtyHNsRAkdYAKD9mCDZCSGoG+PDcteXOttgyBZYywCfXjmM<BR>
g1p3GL9gbu4Ja5M880MwZX0=<BR>
=JFVj<BR>
-----END PGP SIGNATURE-----<BR>
<BR>
--<BR>
Fedora-directory-users mailing list<BR>
Fedora-directory-users@redhat.com<BR>
https://www.redhat.com/mailman/listinfo/fedora-directory-users<BR>
<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
</SPAN></FONT>
</BODY>
</HTML>