
Re: LDAP+Kerberos



>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@ubsw.com> writes:

    Nicolas> On Fri, Nov 17, 2000 at 09:58:11AM +0100, Roger
    Nicolas> Martensson wrote:
    >> Hi!
    >> 
    >> First I'd like to apologize that my question isn't about
    >> heimdal 100%.

I am interested in LDAP too...

    Nicolas> Also, you won't care to use PAM_LDAP, I don't
    Nicolas> think. You'll want PAM_KRB5 instead...

I am currently trying that, but I can't seem to log in for some reason
unless the LDAP password matches the Kerberos password.

Oh, I see. I have to change the "account" PAM settings as well as the
"auth" setting.

Currently I have

auth    required pam_krb5.so
account required pam_ldap.so

Does this look right? Do I need to change "session" too?

Also, (now this is off-topic!), can anyone tell me what the easiest
way is to delete everybody's LDAP password? Currently I am doing it
one entry at a time with ldapmodify + file, and I
was... well... hoping that a faster way would be possible...


I am also guessing that Heimdal's login program must have direct
built-in support for LDAP authentication, otherwise something very
strange is going on here.
-- 
Brian May <bam@snoopy.apana.org.au>
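
Added example, not part of the original message or of Heimdal: one way to do the bulk removal asked about above is to turn a single search result into one LDIF change file for ldapmodify, instead of one file per entry. It assumes the OpenLDAP client tools and that passwords live in the userPassword attribute; the function names and the sample DNs are constructed for illustration.

```shell
#!/bin/sh
# Assumed input: LDIF holding only DNs, e.g. from
#   ldapsearch -x -LLL -b "$BASE" '(userPassword=*)' 1.1
# Long lines may be folded (continuation lines start with one space) and
# non-ASCII DNs arrive base64-encoded as "dn:: ...". Both are handled.

# Hypothetical helper: read DN-only LDIF on stdin, write a modify LDIF
# that deletes userPassword from every listed entry.
dns_to_delete_ldif() {
    awk '
        function emit() {
            if (dn != "") {
                printf "%s\nchangetype: modify\ndelete: userPassword\n\n", dn
                dn = ""
            }
        }
        /^dn:/ { emit(); dn = $0; indn = 1; next }           # new entry
        /^ /   { if (indn) dn = dn substr($0, 2); next }      # unfold DN
               { indn = 0 }                                   # DN finished
        END    { emit() }
    '
}

# Constructed sample of what the search might return.
sample_search_output() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org

dn: uid=a-very-long-login-name,ou=People,
 dc=example,dc=org

dn:: dWlkPWJvYixvdT1QZW9wbGUsZGM9ZXhhbXBsZSxkYz1vcmc=

EOF
}

# Print the generated change file for review.
sample_search_output | dns_to_delete_ldif

# Real use (bind DN and base are site-specific):
#   ldapsearch -x -LLL -b "$BASE" '(userPassword=*)' 1.1 \
#     | dns_to_delete_ldif > strip-passwords.ldif
#   ldapmodify -x -D "$BINDDN" -W -n -f strip-passwords.ldif   # dry run
#   ldapmodify -x -D "$BINDDN" -W -f strip-passwords.ldif
```

Keep the generated file and a backup of the directory until Kerberos logins are confirmed working, since the deleted values cannot be recovered from LDAP afterwards.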