[Samba] Samba 4 and GSSAPI kerberos ldap connect

steve steve at steve-ss.com
Fri Jan 20 07:38:14 MST 2012


>>
>>> I can't find k5start for openSUSE. I'll ask the guys over
>>> at the suse list for that one.
>> Otherwise you could probably compile it yourself.
>>
>>> If I get time, I'll go through this on Ubuntu (where Geza pointed me to
>>> k5start).
> Thanks again.
> Steve

Got an old k5start from the openSUSE vaults and got the keytab working 
with it:

samba-tool domain exportkeytab /etc/nslcd.keytab --principal=nslcd-service
Then:
k5start -v -f /etc/nslcd.keytab -u nslcd-service -o nslcd-user -k /tmp/krb5cc_0
Kerberos initialization for nslcd-service@SITE
k5start: authenticating as nslcd-service@SITE
k5start: getting tickets for krbtgt/SITE@SITE

It didn't ask for a password:)

A few bits of stuff.
This is not ideal. It renews every 5 mins, which is too often. Probably 
need some k5list --help
Maybe /tmp is a bad place to put the cache. On openSUSE (and probably 
other distros), anyone can get in there and have a look around.
Don't get this:
ls -la /etc/nslcd.keytab
-rw------- 1 root root 178 Jan 20 15:19 /etc/nslcd.keytab
yet k5start can get at it.
I still think there must be a better way.

Cheers,
Steve
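
The two concerns raised in the message above (who can read the keytab, and a credential cache under /tmp) can be checked mechanically. This is an added example, not part of the original post; the helper name audit_krb_file and the policy it enforces are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the original post. audit_krb_file is a hypothetical
# helper and the policy is an assumption: regular file (no symlink), no
# group/other permission bits, parent directory not world-writable.
# Uses GNU stat (stat -c).
audit_krb_file() {
    f=$1
    if [ -L "$f" ]; then
        echo "FAIL $f: is a symlink"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL $f: missing or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%U' "$f")
    dir=$(dirname "$f")
    dmode=$(stat -c '%a' "$dir")
    rc=0
    # A leading 0 makes the shell read the stat output as octal.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $f: mode $mode grants group/other access"
        rc=1
    fi
    # A world-writable parent (such as /tmp) lets other local users create
    # or pre-place files at predictable names like krb5cc_0.
    if [ $(( 0$dmode & 002 )) -ne 0 ]; then
        echo "FAIL $f: parent $dir is world-writable (mode $dmode)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $f: owner $owner, mode $mode"
    return "$rc"
}

# Usage: sh audit.sh /etc/nslcd.keytab /tmp/krb5cc_0
if [ "$#" -gt 0 ]; then
    status=0
    for p in "$@"; do
        audit_krb_file "$p" || status=1
    done
    exit "$status"
fi
```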




