On Mon, 10 May 2004, Havoc Pennington wrote:
Sorry to be late and maybe a litle offtopic.
Something we've wanted to do for a long time is create a matrix of programs that should support Kerberos authentication, and start checking them off. I guess this includes both client-side and server-side.
Does anyone have a good start on this?
Any real-world experience/scenarios where Kerberos support was needed and not available? (Which things should be Kerberized first?)
I've been trying really hard to implement kerberos+ldap in fedora development and FC1/FC2 and I'm almost done, but there is one important thing that does not work: loginShell is ignored by nss_ldap.
I'd like to post an example configuration to make this systematic Kerberization a fact, something to start playing with, but I haven't been able to get a "bash" shell when using ldap. Any hints?
login always launches "/bin/sh" ignoring the ldap entries. finger and getent also ignore the loginShell, so I strongly suspect it's an nss_ldap bug.
Thanks Pau
