我在我的机器上配置了带有 kerberos 身份验证的 LDAP。配置后,我无法使用kpasswd
.
我的krb5.conf
档案。
https://docs.zoho.com/writer/published.do?rid=cm31c11feb23f172345f8a4851ae80e504756
LDAP 配置
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcAuthzRegexp: {0}uid=([^,]+),cn=ultrasound.zmedia.com,cn=gssapi,cn=auth uid=$1
,ou=users,dc=ultrasound,dc=zmedia,dc=com
olcLogLevel: stats
olcPidFile: /var/run/slapd/slapd.pid
olcSaslRealm: ULTRASOUND.ZMEDIA.COM
olcToolThreads: 1
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=ultrasound,dc=zmedia,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by * none
olcAccess: {1}to dn.subtree="ou=krb5,dc=ultrasound,dc=zmedia,dc=com" by dn="cn=a
dm-srv,ou=krb5,dc=ultrasound,dc=zmedia,dc=com" write by dn="cn=kdc-srv,ou=krb5,
dc=ultrasound,dc=zmedia,dc=com" read by * none
olcAccess: {2}to attrs=loginShell by self write by users read by * none
olcAccess: {3}to dn.base="" by * read
olcAccess: {4}to * by users read by * none
olcLastMod: TRUE
olcRootDN: uid=admin,ou=users,dc=ultrasound,dc=zmedia,dc=com
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uid eq
错误日志
==> /var/log/kerberos/kdc.log <==
May 20 19:51:30 bharathi krb5kdc[16333](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1369059690, etypes {rep=18 tkt=18 ses=18}, john@ULTRASOUND.ZMEDIA.COM for kadmin/changepw@ULTRASOUND.ZMEDIA.COM
==> /var/log/syslog <==
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=42 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SRCH base="krbPrincipalName=skumar-0670@ULTRASOUND.ZMEDIA.COM,cn=ULTRASOUND.ZMEDIA.COM,ou=krb5,dc=ultrasound,dc=zmedia,dc=com" scope=0 deref=0 filter="(objectClass=*)"
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SRCH attr=objectclass
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 MOD dn="krbPrincipalName=john@ULTRASOUND.ZMEDIA.COM,cn=ULTRASOUND.ZMEDIA.COM,ou=krb5,dc=ultrasound,dc=zmedia,dc=com"
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 MOD attr=krbLastSuccessfulAuth krbExtraData
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 RESULT tag=103 err=50 text=