[Mike Gabriel] > For integration of Kerberos5 libpam-krb5 needs to be tweaked in a > way that it will only apply krb5 pam rules to uidNumbers greater > than 10000 (presuming that LDAP users on the Tjener start with > 10000).
Why? UIDs >= 1000 are supposed to be in LDAP, while the range from 500 to 1000 are supposed to be local users. So for me, the current default in libpapm-krb5 seem correct. Btw, it might be an alternative to use sssd instead of libpam-krb5. Vennlig hilsen, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110213173102.gk9...@login1.uio.no