[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: systematic Kerberization

From: Pau Aliagas <linuxnow newtral org>
To: mr700 globalnet bg, Development discussions related to Fedora Core <fedora-devel-list redhat com>
Cc:
Subject: Re: systematic Kerberization
Date: Thu, 3 Jun 2004 10:55:03 +0200 (CEST)

On Thu, 3 Jun 2004, Doncho N. Gunchev wrote:

On Wednesday 02 June 2004 15:04, Pau Aliagas wrote:

I've been trying really hard to implement kerberos+ldap in fedora
development and FC1/FC2 and I'm almost done, but there is one important
thing that does not work: loginShell is ignored by nss_ldap.

I found out what happened and it was a silly mistake on my part putting this in slapd.conf:

access to attr=loginShell
       by self write

Sorry for the noise. It's ok now.

I've been trying too, but not that hard. Can you please describe this somewhere and post a link. I was fighting to make the system authenticate all users with UID < 500/1000 the old way and all others (mail/samba only) with LDAP/Kerberos, which is ideal in my eyes.

That is exactly what I'm doing. It almost works as distributed, but there are a few tweaks to setup kerberos and ldap.

The idea was that even with no network at all I still can login localy as root/UID<500/1000 and fix it. Kerberos + LDAP + Samba would be great for hybrid environments with WinXX workstations, linux servers and workstation(s) (my case).

I'll polish all the missing details (ldap and kerberos replication), scripts to add users, samba and Windows clients and post a Howto somewhere.

Pau

References:
- Re: systematic Kerberization
  - From: Pau Aliagas
- Re: systematic Kerberization
  - From: Doncho N. Gunchev

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]