systematic Kerberization
Pau Aliagas
linuxnow at newtral.org
Thu Jun 3 08:55:03 UTC 2004
On Thu, 3 Jun 2004, Doncho N. Gunchev wrote:
> On Wednesday 02 June 2004 15:04, Pau Aliagas wrote:
>> I've been trying really hard to implement kerberos+ldap in fedora
>> development and FC1/FC2 and I'm almost done, but there is one important
>> thing that does not work: loginShell is ignored by nss_ldap.
I found out what happened and it was a silly mistake on my part, putting
this in slapd.conf:

    access to attr=loginShell
        by self write

Sorry for the noise. It's ok now.
> I've been trying too, but not that hard. Can you please describe this
> somewhere and post a link. I was fighting to make the system
> authenticate all users with UID < 500/1000 the old way and all others
> (mail/samba only) with LDAP/Kerberos, which is ideal in my eyes.
That is exactly what I'm doing. It almost works as distributed, but there
are a few tweaks to set up kerberos and ldap.
> The idea was that even with no network at all I still can login locally
> as root/UID<500/1000 and fix it. Kerberos + LDAP + Samba would be great
> for hybrid environments with WinXX workstations, linux servers and
> workstation(s) (my case).
I'll polish all the missing details (ldap and kerberos replication),
scripts to add users, samba and Windows clients and post a Howto
somewhere.
Pau
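
Why an ACL like the one quoted above hides loginShell from nss_ldap, as an added example that is not part of the original message: slapd ends every access directive with an implicit "by * none", so a directive whose only clause is "by self write" denies the attribute to every other client. The sketch assumes nss_ldap binds anonymously, evaluates each directive on its own, and handles only simple "by <who> <level>" clauses; the function names, the "access to *" rule and the "by * read" correction are constructed for illustration.

```python
# Added example; the sample configurations below are constructed.
# Access levels in increasing privilege (slapd.access(5)); each implies the lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def logical_lines(text):
    """Join slapd.conf continuation lines (lines that start with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_access(line):
    """Return (what, [(who, level), ...]) for a simple 'access to' directive."""
    tok = line.split()
    if tok[:2] != ["access", "to"] or len(tok) < 3:
        return None
    by = tok.index("by") if "by" in tok else len(tok)
    clauses = [(tok[i + 1], tok[i + 2]) for i, t in enumerate(tok)
               if t == "by" and i + 2 < len(tok) and tok[i + 2] in LEVELS]
    clauses.append(("*", "none"))  # the implicit final clause slapd adds
    return " ".join(tok[2:by]), clauses

def hidden_from(conf_text, identities=("anonymous", "*")):
    """List the <what> targets that a client matching `identities` cannot read."""
    hidden = []
    for line in logical_lines(conf_text):
        parsed = parse_access(line)
        if not parsed:
            continue
        what, clauses = parsed
        # Within one directive the first matching "by" clause decides.
        level = next((lvl for who, lvl in clauses if who in identities), "none")
        if LEVELS.index(level) < LEVELS.index("read"):
            hidden.append(what)
    return hidden

BROKEN = "access to attr=loginShell\n    by self write\naccess to *\n    by * read\n"
# One possible correction (an assumption, not necessarily what the poster did):
FIXED = ("access to attr=loginShell\n    by self write\n    by * read\n"
         "access to *\n    by * read\n")

if __name__ == "__main__":
    print("broken:", hidden_from(BROKEN))
    print("fixed: ", hidden_from(FIXED))
```
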