Hello Mr. Beilmann,
Steffen Beilmann wrote:
> we have successfully installed and configured kerberos for login to the
> vdi-admin gui, that means in general kerberos with krb5.conf is well
> configured.
> But now the customer's admins would like to login to solaris jds over the
> sun ray by using their AD credentials too.
> At which part and how should I insert the krb5.* feature in the pam.conf?
> Is the section called dtlogin-SunRay the right place?

Yes, for general login (smartcard or "pseudo" sessions) dtlogin-SunRay
is the right PAM stack.
If you use NSCM (non-smartcard mobile sessions), you also need to add
kerberos to the utnsclogin ("Sun Ray Mobile Login") stack.
You may also need to add kerberos to the dtsession-SunRay (CDE
screensaver), xscreensaver (GNOME screensaver), uthotdesk ("Sun Ray
Session Lock") PAM stacks. If any of these are missing, you may be able
to cover that case by adding kerberos into the "other" PAM stack.

> Are there any additional entries in other files like /etc/nsswitch.conf
> necessary?

If you haven't done so, you probably need to set up AD and Solaris to
allow using the AD server with the LDAP naming service[*]. Maybe [1] can
help.
Alternatively you might have a look at the open source 'winbind' naming
service from the Samba project, but that is not available as supported
component in Solaris and usually goes with its own pam_winbind module
instead of regular kerberos.
[1]<http://wikis.sun.com/display/BigAdmin/Using+Kerberos+to+Authenticate+a+Solaris+10+OS+LDAP+Client+With+Microsoft+Active+Directory>
[*] Unfortunately Solaris 10 does not yet have the "ad" naming service,
which is being introduced in OpenSolaris.
Best Regards
- Jörg Barfurth
--
Disclaimer: I am employed by Oracle. The statements and opinions
expressed here are my own and do not necessarily represent those
of Oracle Corporation.
Oracle (http://www.oracle.com)
Jörg Barfurth | Senior Software Engineer
Oracle Desktop Virtualization
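Added example, not part of the original thread and not Sun or Oracle code: a shell check that reports, for each PAM stack named in the reply above, whether its auth entries reference Kerberos, lack it, or fall through to the "other" stack. It assumes the Kerberos module appears as `pam_krb5` in the module path column; the sample pam.conf lines are constructed for illustration and are not a recommended stack.

```shell
#!/bin/sh
# Stacks named in the reply; "other" is the fallback PAM uses when a service
# has no entries of its own for a module type.
SUNRAY_SERVICES="dtlogin-SunRay utnsclogin dtsession-SunRay xscreensaver uthotdesk"

# krb5_coverage [FILE]: read a pam.conf (or stdin) and print "service status".
# Assumption: Kerberos is detected by "pam_krb5" in field 4 (module path).
# On Solaris, use nawk instead of awk, since /usr/bin/awk lacks -v.
krb5_coverage() {
    awk -v services="$SUNRAY_SERVICES" '
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        $2 == "auth" {
            has_auth[$1] = 1
            if ($4 ~ /pam_krb5/) has_krb5[$1] = 1
        }
        END {
            n = split(services, svc, " ")
            for (i = 1; i <= n; i++) {
                s = svc[i]
                if (has_krb5[s])            st = "krb5"
                else if (has_auth[s])       st = "no-krb5"
                else if (has_krb5["other"]) st = "krb5-via-other"
                else                        st = "missing"
                print s, st
            }
        }' "${1:--}"
}

# Constructed sample input (not taken from a real Sun Ray server).
sample_pam_conf() {
    cat <<'EOF'
dtlogin-SunRay  auth requisite   pam_authtok_get.so.1
dtlogin-SunRay  auth sufficient  pam_krb5.so.1
dtlogin-SunRay  auth required    pam_unix_auth.so.1
utnsclogin      auth requisite   pam_authtok_get.so.1
utnsclogin      auth required    pam_unix_auth.so.1
# xscreensaver  auth sufficient  pam_krb5.so.1
other           auth requisite   pam_authtok_get.so.1
other           auth sufficient  pam_krb5.so.1
other           auth required    pam_unix_auth.so.1
EOF
}

# Demo on the sample; on a real host run: krb5_coverage /etc/pam.conf
sample_pam_conf | krb5_coverage
```

A `no-krb5` result is the case to look at first: a stack that has its own auth entries never falls back to "other", so AD credentials would be rejected there, for example when unlocking a session.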