Le Trung Kien wrote:
I try to use Kerberos to authenticate some services support it.
Which is your KDC?
I want to use Kerberos for authentication and LDAP for authorization in my system. At current step I can allow users to login using LDAP, and users must get a ticket to use some LDAP's tools. And as you see, I'm confused a bit. That system have two passwords for an user and they just can change one of them. Two passwords can be used to login.
You should simply allow normal users to login via pam_krb5. So normal users would only need the Kerberos password.
Ciao, Michael.