ck84 n00b
Joined: 25 Apr 2005 Posts: 6
Posted: Tue Apr 26, 2005 6:23 pm Post subject: Kerberos5 and LDAP Problems
Hi, my LDAP server runs just fine; I can get user info with id <ldapuser>, but when I do a
'kinit USERNAME' I get this error:
kinit(v5): Client not found in Kerberos database while getting initial credentials
But when I do a kinit USERNAME/admin@REALM.TLD it works just fine. How can I make kinit USERNAME work? Also, I'm not able to log in via ssh; I always get this error in syslog:
Apr 26 20:16:33 auth sshd[19632]: Illegal user USERNAME from ::ffff:xxx.xxx.xxx.xxx
Apr 26 20:16:33 auth sshd[19632]: Failed none for illegal user USERNAME from ::ffff:xxx.xxx.xxx.xxx port 3043 ssh2
Anyone got an idea?
Here are my config files:
Code:
/etc/krb5.conf
[libdefaults]
ticket_lifetime = 24000
default_realm = REALM.NET
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
REALM.NET = {
kdc = kerberos.realm.tld:88
admin_server = kerberos.realm.tld:749
default_domain = REALM.NET
}
[domain_realm]
.realm.net = REALM.NET
realm.net = REALM.NET
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
[appdefaults]
pam = {
krb4_convert = false
}
kinit = {
forwardable = true
renewable = true
}
/etc/krb5kdc/kdc.conf
[kdcdefaults]
acl_file = /etc/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /etc/krb5kdc/kadm5.keytab
[realms]
REALM.NET = {
database_name = /etc/krb5kdc/principal
admin_keytab = /etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
dict_file = /etc/krb5kdc/kadm5.dict
key_stash_file = /etc/krb5kdc/.k5.REALM.NET
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
}
/etc/pam.d/system-auth
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_krb5.so debug use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_access.so
account sufficient /lib/security/pam_krb5.so debug
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_krb5.so use_authtok debug
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_krb5.so
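Added example (my own, not the poster's code): a small Python checker for the krb5.conf format shown in the post. It parses the [section] and name = { ... } syntax and reports a default_realm that has no [realms] block (the realm kinit USERNAME falls back to when no @REALM is given), domain_realm mappings to an undefined realm, and single-DES enctypes in the defaults, which the posted config enables. The embedded sample is constructed from the post with placeholder realm and host names.

```python
import re
# Constructed sample modelled on the krb5.conf in the post; realm and host names are placeholders.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = REALM.NET
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
REALM.NET = {
kdc = kerberos.realm.tld:88
}
[domain_realm]
realm.net = REALM.NET
"""
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}  # single DES: 56-bit keys

def parse_krb5_conf(text):
    """Parse krb5.conf's [section] / key = value / name = { ... } syntax into nested dicts."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        if header := re.match(r"^\[(\w+)\]$", line):
            stack = [sections.setdefault(header.group(1), {})]  # new top-level section
        elif line == "}":
            stack.pop()  # close the innermost { } group
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))  # open a nested group
            else:
                stack[-1][key] = value
    return sections

def check_krb5_conf(text):
    """Return findings: default_realm without a [realms] block, dangling domain_realm maps, weak enctypes."""
    cfg = parse_krb5_conf(text)
    libdefaults, realms = cfg.get("libdefaults", {}), cfg.get("realms", {})
    findings = []
    if libdefaults.get("default_realm") not in realms:
        findings.append(f"default_realm {libdefaults.get('default_realm')} has no [realms] block")
    for domain, realm in cfg.get("domain_realm", {}).items():
        if realm not in realms:
            findings.append(f"domain_realm {domain} maps to undefined realm {realm}")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        for enctype in libdefaults.get(key, "").split():
            if enctype in WEAK_ENCTYPES:
                findings.append(f"{key} allows weak enctype {enctype}")
    return findings
```

Run it against a real /etc/krb5.conf with check_krb5_conf(open("/etc/krb5.conf").read()); an empty list means the three checks passed.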