[yast-devel] YaST2 USER Module and LDAP + Kerberos
Hello, I have a question and a Problem with the YaST2 User Module ;). When I have a User configured with YaST, have I to change any in the yaST ldap User Module? My Problem a USER is configured with YaST USER+LDAP, I create the User also in krb5 but it is not possible to expand the Entry with krb5 ank -x dn="uid=xxxx,ou=people,cd=example,dc=com" xxxx I have to create with ank xxxx but now I have two USER xxxx in the LDAP DB when I have to delete my User (with YasT) the User is deleted but the krb5 USER do exist, but I can't find the User in YaST2. Later when I have to recreate the USER with YaST2, YaST2 tell me the USER Exist !! What is the correct way ? -- mit freundlichen Grüßen / best Regards. Günther J. Niederwimmer -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org To contact the owner, e-mail: yast-devel+owner@opensuse.org
V Thu, 14 Feb 2013 14:14:56 +0100 Günther J. Niederwimmer <gjn@gjn.priv.at> napsáno:
Hello,
I have a question and a Problem with the YaST2 User Module ;).
When I have a User configured with YaST, have I to change any in the yaST ldap User Module?
My Problem a USER is configured with YaST USER+LDAP, I create the User also in krb5 but it is not possible to expand the Entry with krb5
ank -x dn="uid=xxxx,ou=people,cd=example,dc=com" xxxx
I have to create with
ank xxxx
but now I have two USER xxxx in the LDAP DB
when I have to delete my User (with YasT) the User is deleted but the krb5 USER do exist, but I can't find the User in YaST2. Later when I have to recreate the USER with YaST2, YaST2 tell me the USER Exist !!
What is the correct way ?
Well, I'm not sure if I understand your questions. First: YaST users module does not have any special handling of Kerberos accounts at all. It is, however, able to manage LDAP users. The supported scenario is having users in LDAP database and (optionally) let them authenticate via Kerberos. For setting the Kerberos authentication there's YaST Kerberos client module, but for nothing more. Maybe YaST Kerberos server could help you... Michael? YaST LDAP client module is used for configuring your machine as LDAP client. Once you do this, LDAP users are available for editing in YaST Users module. Jiri -- Jiri Suchomel SUSE LINUX, s.r.o. Lihovarská 1060/12 tel: +420 284 028 960 190 00 Praha 9, Czech Republic http://www.suse.cz -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org To contact the owner, e-mail: yast-devel+owner@opensuse.org
Hi, Am Donnerstag, 14. Februar 2013, 14:34:43 schrieb Jiří Suchomel:
V Thu, 14 Feb 2013 14:14:56 +0100
Günther J. Niederwimmer <gjn@gjn.priv.at> napsáno:
Hello,
I have a question and a Problem with the YaST2 User Module ;).
When I have a User configured with YaST, have I to change any in the yaST ldap User Module?
My Problem a USER is configured with YaST USER+LDAP, I create the User also in krb5 but it is not possible to expand the Entry with krb5
ank -x dn="uid=xxxx,ou=people,cd=example,dc=com" xxxx
I am a a little bit out of this bussiness :-) Have you also played around with -x linkdn=<dn> -x containerdn=<container_dn> parameters ?
I have to create with
ank xxxx
but now I have two USER xxxx in the LDAP DB
when I have to delete my User (with YasT) the User is deleted but the krb5 USER do exist, but I can't find the User in YaST2. Later when I have to recreate the USER with YaST2, YaST2 tell me the USER Exist !!
What is the correct way ?
Well, I'm not sure if I understand your questions.
First: YaST users module does not have any special handling of Kerberos accounts at all. It is, however, able to manage LDAP users. The supported scenario is having users in LDAP database and (optionally) let them authenticate via Kerberos.
This is the important part. yast2 users module does not support kerberos principals. You can try out and maybe you find a working solution, but we never tried it.
For setting the Kerberos authentication there's YaST Kerberos client module, but for nothing more. Maybe YaST Kerberos server could help you... Michael?
Kerberos server is only for the initial setup of a kerberos server. Managing principals is not part of this module. -- Regards Michael Calmer -------------------------------------------------------------------------- Michael Calmer SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg T: +49 (0) 911 74053 0 F: +49 (0) 911 74053575 - e-mail: Michael.Calmer@suse.com -------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org To contact the owner, e-mail: yast-devel+owner@opensuse.org
participants (3)
-
Günther J. Niederwimmer -
Jiří Suchomel -
Michael Calmer