System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

Using Per-User Credentials

Note –

Do not edit either of the client configuration files directly. Use the ldapclient command to create or modify the content of these files.

Procedure: How to Initialize a Client Using Per-User Credentials

Before You Begin

Before you set up a client with per-user credentials, the following items must already be configured:

  1. Run ldapclient init to initialize the client by using the gssapi profile:

    # /usr/sbin/ldapclient init -a profilename=gssapi_SPARKS.COM -a \
  2. Try to log in as a user:

    Run kinit -p user.

    Run ldaplist -l passwd user in user's login session. You should see “userpassword.”

    However, ldaplist -l passwd bar returns the entry without userpassword. By default, root can still see the userpassword of every user.

Notes About Using Per-User Credentials

See other references in this guide and in the System Administration Guide: Security Services for details.