Date: Fri, 7 Nov 2003 00:15:27 -0500 (EST)
From: "skb" <skb_bhat@excite.com>
To: freebsd-net@freebsd.org
Subject: login with ldap and sasl/gssapi
Message-ID: <20031107051527.D2BABBF78@xmxpita.excite.com>

Hi,

Can someone please tell me how to configure login on the FreeBSD-5.1-RELEASE box to use ldap authentication (using SASL/GSSAPI), pam_krb5, pam_ldap and nss_ldap modules respectively.

I have successfully configured openldap21-2.1.20_1 with heimdal-0.5.1. I can execute ldapsearch, ldapadd etc. using the SASL/GSSAPI mechanism without any problems at all on the local box.

In /usr/local/etc/openldap/slapd.conf I've added the following extra stuff:

    require SASL
    sasl-realm MYDOMAIN.COM
    sasl-host test.mydomain.com
    sasl-secprop noplain,noanonymous,minssf=56
    sasl-regex uid=(.*),cn=MYDOMAIN.COM,cn=gssapi,cn=auth uid=$1,ou=People,dc=mydomain,dc=com

The pam_krb5, nss_ldap and pam_ldap modules are working fine, since login is working fine with anonymous LDAP bind. But everything stops when I disable anonymous bind.

My /etc/pam.d/login file is as follows:

    auth required pam_nologin.so no_warn
    auth sufficient pam_self.so no_warn
    auth sufficient pam_opie.so no_warn no_fake_prompts
    auth requisite pam_opieaccess.so no_warn allow_local
    auth sufficient pam_krb5.so no_warn try_first_pass
    auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
    auth required pam_unix.so no_warn try_first_pass nullok
    # account
    account required pam_krb5.so
    account sufficient /usr/local/lib/pam_ldap.so
    account required pam_login_access.so
    account required pam_securetty.so
    account required pam_unix.so
    # session
    #session optional pam_ssh.so
    session required pam_lastlog.so no_fail
    # password
    password sufficient pam_krb5.so no_warn try_first_pass
    password sufficient /usr/local/lib/pam_ldap.so
    password required pam_unix.so no_warn try_first_pass

Any help will be greatly appreciated.

Thanks in advance,
skb
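
Added example, not part of the original message: a small Python model of how PAM control flags (required, requisite, sufficient) resolve over the auth and account lines of the /etc/pam.d/login posted above, useful for seeing which modules a given stack order actually consults. The function names and the per-module success/failure outcomes are constructed for illustration; no real PAM modules are called.

```python
import os

# auth and account lines copied from the /etc/pam.d/login in the post
PAM_LOGIN = """\
auth required pam_nologin.so no_warn
auth sufficient pam_self.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient pam_krb5.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
account required pam_krb5.so
account sufficient /usr/local/lib/pam_ldap.so
account required pam_login_access.so
account required pam_securetty.so
account required pam_unix.so
"""

def parse(text, facility):
    """Return [(control_flag, module_name)] for one facility, in file order."""
    chain = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) >= 3 and fields[0] == facility:
            chain.append((fields[1], os.path.basename(fields[2])))
    return chain

def evaluate(chain, outcome):
    """outcome maps module name -> True (success) or False (failure).
    Returns (granted, modules_run); modules not listed count as failures."""
    failed, ran = False, []
    for control, module in chain:
        ran.append(module)
        if outcome.get(module, False):
            if control == "sufficient" and not failed:
                return True, ran      # chain ends here; later modules never run
        elif control == "requisite":
            return False, ran         # immediate denial
        elif control == "required":
            failed = True             # denial, but keep running the chain
    return not failed, ran

if __name__ == "__main__":
    # Constructed outcomes: every account module succeeds, then pam_ldap fails.
    acct = parse(PAM_LOGIN, "account")
    ok = dict.fromkeys((m for _, m in acct), True)
    print(evaluate(acct, ok))
    print(evaluate(acct, {**ok, "pam_ldap.so": False}))
```

In this model, when pam_krb5.so and pam_ldap.so both succeed in the account stack, evaluation stops at pam_ldap.so, so pam_login_access.so, pam_securetty.so and pam_unix.so are never consulted for that login.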