Bug 137646
Summary: | nscd fails when using nss_ldap with SASL | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Jack Neely <jjneely> |
Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
Status: | CLOSED WONTFIX | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | CC: | drepper, nalin |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-03-01 12:32:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jack Neely
2004-10-29 21:23:11 UTC
First of all, nscd-2.3.3-53 is old, try something newer (e.g. 2.3.3-74 in rawhide). nscd has debug mode if you start it with /usr/sbin/nscd -d > /tmp/nscd.log After more research I have discovered the source of the problem. With user information stored in LDAP accessed via the nss_ldap module there are two ways to use SASL authentication. (Kerberos in this case.) With the nscd daemon turned off, there is no caching but each user uses his own credintials to authenticate to the LDAP server. With nscd turned on root is doing the authentication and retrieval from the LDAP server wich requires a keytab and a system service ticket. I would like to be able to use the users' kerberos tickets and still have the caching nscd provides. So just set up a system service ticket or stop caching. |