Monday, November 12, 2012

Troubleshooting LDAP/Kerberos

At work we use LDAP with Kerberos authentication. Today we had occasion to change a user's UID. After making the requisite changes on the LDAP server, the user couldn't log in on his workstation. It turned out that the cause of the problem was in the /tmp directory on his workstation. It contained several files that looked like this:

krb5cc_10993_iU4uWf

Where "10993" was the user's old UID.

The solution to the problem was to delete all these files. So, on the user's workstation we did:

# cd /tmp
# rm -rf krb*

After that, the user could log in with his new UID.
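A narrower form of the cleanup above, added here as an example and not part of the original post: it touches only credential cache files named for one UID, leaving other users' caches and any symlinks in /tmp alone. The function names are hypothetical, and the krb5cc_<uid>_<suffix> pattern is assumed from the file name shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print credential cache files in DIR that are named for exactly UID.
# Matches krb5cc_<uid> and krb5cc_<uid>_<suffix>; 10993 does not match 109930.
list_ccaches_for_uid() {
    dir=$1
    uid=$2
    # Accept only a plain decimal UID so the value cannot widen the glob
    # (for example "*" or "1099?").
    case $uid in
        ''|*[!0-9]*) echo "invalid uid: $uid" >&2; return 2 ;;
    esac
    for f in "$dir/krb5cc_$uid" "$dir/krb5cc_${uid}_"*; do
        # Skip unmatched globs, directories and symlinks: /tmp is
        # world-writable, so only plain files are treated as caches.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        printf '%s\n' "$f"
    done
}

# Delete the files listed above and report each path removed.
remove_ccaches_for_uid() {
    list=$(list_ccaches_for_uid "$1" "$2") || return
    [ -n "$list" ] || return 0
    printf '%s\n' "$list" | while IFS= read -r f; do
        rm -f -- "$f" && printf 'removed %s\n' "$f"
    done
}

# Usage: script.sh DIR UID          lists matching caches (dry run)
#        script.sh DIR UID remove   deletes them
if [ "$#" -ge 2 ]; then
    if [ "${3:-}" = "remove" ]; then
        remove_ccaches_for_uid "$1" "$2"
    else
        list_ccaches_for_uid "$1" "$2"
    fi
fi
```

Running it without the third argument first shows what would be deleted before anything is removed.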



