Hi, did you check if the credential cache can be accessed by nscd? E.g., if nscd is running as nobody and /tmp/krb5cc_0 belongs to root, it will not work.

Mark

> Hi all,
>
> Now that I'm satisfied with my OpenLDAP/Kerberos server configuration,
> I'm attempting to devise a suitable (Debian lenny) client setup for it.
>
> Although I hear that it may not be the best approach, I'm currently
> pursuing a client configuration that includes kstart, libnss-ldap, nscd
> and libpam-ldap. At the moment I'm happy with all of it except
> libnss-ldap.
>
> Kstart has no problem obtaining an initial Kerberos ticket, but I can't
> get libnss-ldap to use it to access the DIT. So far my libnss-ldap.conf
> looks like:
>
> base dc=example,dc=com
> uri ldap://ldapks1.example.com/
> ldap_version 3
> rootuse_sasl yes
> krb5_ccname FILE:/tmp/krb5cc_0
>
> Any idea what I might be missing?
>
> Thanks,
>
> Jaap
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
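
The permission check suggested in the reply, as an added example that is not part of the original thread: it decides from the cache file's owner, group and mode bits whether a given account could read the cache named in `krb5_ccname`. The function names are hypothetical, and supplementary groups and ACLs are assumed not to be in play.

```shell
#!/bin/sh
# Added example (not from the thread). Decides from owner, group and mode
# bits whether a uid/gid can read a FILE: credential cache.
# Assumption: supplementary groups and ACLs are ignored.

# Strip the optional FILE: prefix used in krb5_ccname.
ccache_path() {
    case "$1" in
        FILE:*) printf '%s\n' "${1#FILE:}" ;;
        *)      printf '%s\n' "$1" ;;
    esac
}

# can_read CCNAME UID GID: returns 0 readable, 1 not readable, 2 missing.
can_read() {
    cc_path=$(ccache_path "$1"); cc_uid=$2; cc_gid=$3
    if [ ! -f "$cc_path" ]; then return 2; fi
    if [ "$cc_uid" -eq 0 ]; then return 0; fi   # root bypasses mode bits
    # ls -ldn prints: mode links owner-uid owner-gid ...
    cc_info=$(ls -ldn "$cc_path") || return 2
    cc_mode=$(printf '%s\n' "$cc_info" | awk '{print $1}')
    cc_owner=$(printf '%s\n' "$cc_info" | awk '{print $3}')
    cc_group=$(printf '%s\n' "$cc_info" | awk '{print $4}')
    if [ "$cc_uid" -eq "$cc_owner" ]; then cc_col=2     # owner read bit
    elif [ "$cc_gid" -eq "$cc_group" ]; then cc_col=5   # group read bit
    else cc_col=8                                       # other read bit
    fi
    [ "$(printf '%s' "$cc_mode" | cut -c"$cc_col")" = "r" ]
}

# check_for_user CCNAME USER: report the result for a local account.
check_for_user() {
    u=$(id -u "$2" 2>/dev/null) || { echo "no such user: $2"; return 3; }
    g=$(id -g "$2")
    can_read "$1" "$u" "$g"; rc=$?
    case $rc in
        0) echo "$2 (uid $u) can read $1" ;;
        1) echo "$2 (uid $u) cannot read $1" ;;
        2) echo "$1 does not exist" ;;
    esac
    return $rc
}

# Defaults: the cache path from the post and the nscd user from the reply.
check_for_user "${1:-FILE:/tmp/krb5cc_0}" "${2:-nobody}" || :
```

Pass the cache name and the account nscd actually runs as on the client as the two arguments to check a different pair.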
