Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

12 Apr 2011


      On Tue, 12 Apr 2011, Alain Péan wrote:
...
Hi John,
Thnks for your answer. Here are the content of /etc/krb5.conf and klist
-ke. I agree that there can be siomething missing, that was working
before...
The keytab isn't valid for the host as it doesn't contain a usable principal
for doing a validation of the KDC.  The pam_krb5 rpm has sensibly changed the
default for validate from false to true.  Try adding:
[appdefaults]
  pam = {
    novalidate = true
  }
I /think/ that'd work, but you'd be less secure than if you just sorted out
your keytab.  Get a real principal for your domain into the keytab, and
validate will work.  You're using LAB-LPP.LOCAL, but only have principals from
TEST-LPP.LOCAL in your keytab.
jh

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?