Hi, thank you for you reply
I try to use Kerberos to authenticate some services support it.
I want to use Kerberos for authentication and LDAP for authorization in my system.
At current step I can allow users to login using LDAP, and users must get a ticket to use
some LDAP's tools.
And as you see, I'm confused a bit. That system have two passwords for an user and they
just can change one of them. Two passwords can be used to login.

2008/1/30, Michael Ströder <michael@stroeder.com>:
Le Trung Kien wrote:
> I'm attempting to use ldap with kerberos 5,

What does that mean? Is your KDC using OpenLDAP as backend-database or
are you just using Kerberos tickets to authenticate against the LDAP
server with SASL GSSAPI bind?

> user1]$ passwd
> Kerberos 5 Password: ******
> New UNIX password: ******
> Retype new UNIX password: ******

This is related to your PAM configuration.

Ciao, Michael.

Le Trung Kien.