I have a central authentication server with OpenLDAP set up and populated, and Kerberos 5, also populated.
On an Ubuntu LTS machine, I set up nslcd and Kerberos client stuff. This way, issuing
id gergely.polonkai
tells me I'm gergely.polonkai(10000) in group engineering(10000). Also, issuing
kinit gergely.polonkai
asks for my password, and creates my keychain (klist shows my TGT).
Thus, I assume every bit works fine. But when I add Kerberos stuff to PAM:
auth sufficient pam_krb5.so
account sufficient pam_krb5.so
session optional pam_krb5.so
the logs say gergely.polonkai authenticated successfully, then say gergely.polonkai is unknown to the underlying authentication module.
Edit:
getent passwd gergely.polonkai
gets me the correct data. However
getent shadow gergely.polonkai
tells me nothing (trying both as root).
Edit:
Adding the shadowAccount objectClass to the user fixed the shadow problem. However, the original error still persists.
Am I missing something?