On Wed, May 19 2010 at 17:11, Antoine Jacoutot wrote:
> On Wed, 19 May 2010, Claer wrote:
> > It seems that the client is trying to get a ticket for the afs client.
> > AFS is not enabled on my BSD box and I don't need it. The only reference
> > I found on UALBERTA.CA is "/etc/afs/ThisCell". Is there a way to
> > disable this behavior?
>
> Yes.
>
> [appdefaults]
>         kinit = {
>                 afslog = no
>         }

Continuing to play with Kerberos, I'm adding ypldap into play. This time,
I'd like to use LDAP to add entries to getent passwd and Kerberos for
authentication (I'd like to avoid the login_ldap step if possible).

As my Kerberos setup is now OK, I declared the LDAP server in
/etc/ypldap.conf, started portmap, ypldap and ypbind, and added the "+:"
entries to passwd and group. Now, I have a working ypbind system. To
confirm this, I renamed my local account as _claer using vipw and verified
the output of getent passwd:

# getent passwd | grep claer
_claer:$2a$06$SgI[...]:1000:1000:Claer:/home/claer:/bin/ksh
claer:*:1000:1000:Claer:/home/claer:/bin/ksh

Now the next step is to try an authentication with ssh. That's why
/etc/login.conf has been modified regarding the auth entry:

auth-defaults:auth=krb5-or-pwd,passwd:

But, when I try to ssh in with -l claer, sshd doesn't seem to find the
"claer" passwd entry and I have this line on the Kerberos server:

May 19 17:18:46 diogene krb5kdc[18818](info): AS_REQ (8 etypes {18 17 16 5 23 3 2 1}) 172.16.1.1: CLIENT_NOT_FOUND: nou...@claer.hammock.fr for krbtgt/claer.hammock...@claer.hammock.fr, Client not found in Kerberos database

Any hint?

Regards,
Claer