On Wed, May 19 2010 at 17:11, Antoine Jacoutot wrote:
> On Wed, 19 May 2010, Claer wrote:
> > It seems that the client is trying to get a ticket for the afs client.
> > AFS is not enabled on my BSD box and I don't need it. The only reference
> > I found on UALBERTA.CA is "/etc/afs/ThisCell". Is there a way to
> > disable this behavior?
> 
> Yes.
> 
> [appdefaults]
>       kinit = {
>               afslog = no
>       }

Continuing to play with Kerberos, I'm adding ypldap into play.

This time, I'd like to use LDAP to add entries to getent passwd
and Kerberos for authentication (I'd like to avoid the login_ldap
step if possible). As my Kerberos setup is now ok, I declared the LDAP
server in /etc/ypldap.conf, started portmap, ypldap and ypbind, and added
the "+:" entries to passwd and group.

Now, I have a working ypbind system. To confirm this, I renamed my
local account to _claer using vipw and verified the output of
getent passwd:

# getent passwd | grep claer
_claer:$2a$06$SgI[...]:1000:1000:Claer:/home/claer:/bin/ksh
claer:*:1000:1000:Claer:/home/claer:/bin/ksh

Now the next step is to try an authentication with ssh. That's why
the auth entry in /etc/login.conf has been modified:

auth-defaults:auth=krb5-or-pwd,passwd:

But when I try to ssh in with -l claer, sshd doesn't seem to find
the "claer" passwd entry, and I have this line on the Kerberos server:

May 19 17:18:46 diogene krb5kdc[18818](info): AS_REQ (8 etypes {18 17 16 5 23 3 2 1}) 172.16.1.1: CLIENT_NOT_FOUND: nou...@claer.hammock.fr for krbtgt/claer.hammock...@claer.hammock.fr, Client not found in Kerberos database

Any hint?


Regards,

Claer
