Kerberos Authentication

0.o · 01-02-2012, 06:08 PM

I am trying to get a Debian host to authenticate against an Active Directory domain and am not having much luck. I can use kinit to obtain a ticket, but am unable to login. Upon attempting to login I receive the following:

Code:

Jan  2 19:04:39 <system> merb : merb : master: pam_krb5(rpam:auth): user <user> authenticated as <user>@<realm>
Jan  2 19:04:39 <system> unix_chkpwd[17504]: could not obtain user info (<user>)

Any ideas?

acid_kewpie · 01-04-2012, 06:26 AM

well clearly there it is asking for user info. Kerberos has nothing to do with user information at all, i.e. UID, GID, home directory, shell... only authentication. This data would generally come from ldap connectivity to AD, although other mechanisms are possible too. As such, Kerberos appears to be working just fine from that first log message.

Personally I'd never bother with krb5 auth, and just use ldap interfaces for both info and auth. Are you doing this via samba domain membership, or just direct krb5 config?