Hi, thank you for you reply<br>I try to use Kerberos to authenticate some services support it.<br>I want to use Kerberos for authentication and LDAP for authorization in my system.<br>At current step I can allow users to login using LDAP, and users must get a ticket to use<br>

some LDAP&#39;s tools.<br>And as you see, I&#39;m confused a bit. That system have two passwords for an user and they<br>just can change one of them. Two passwords can be used to login.<br><br><div><span class="gmail_quote">2008/1/30, Michael Ströder &lt;<a href="mailto:michael@stroeder.com">michael@stroeder.com</a>&gt;:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Le Trung Kien wrote:<br> &gt; I&#39;m attempting to use ldap with kerberos 5,<br> <br> <br>What does that mean? Is your KDC using OpenLDAP as backend-database or<br> are you just using Kerberos tickets to authenticate against the LDAP<br>
 server with SASL GSSAPI bind?<br> <br><br> &gt; user1]$ passwd<br> &gt; Kerberos 5 Password: ******<br> &gt; New UNIX password: ******<br> &gt; Retype new UNIX password: ******<br> <br> <br>This is related to your PAM configuration.<br>
 <br> Ciao, Michael.<br> </blockquote></div><br><br clear="all"><br>-- <br>Le Trung Kien.