Hal not working with Kerberos5+LDAP authentication.

[Doug Goldstein]

Juan Miguel Corral Cano wrote:
> Hello. This is my first mail at the list, so I'm sorry if I am posting 
> to the wrong place.
> I have a network with PCLinuxOS workstations, authenticating against a 
> Windows 2003 with Services for Unix. That is: users authenticate via 
> Kerberos 5, and get their UID and GID via LDAP.
> I have noticed that users authenticating this way are unable to use HAL. 
> This is the output I get when I try to run lshal:
>
>     error: dbus_bus_get: org.freedesktop.DBus.Error.NoReply: Did not 
> receive a reply.
>     Possible causes include: the remote application did not send a 
> reply, the message bus security
>     policy blocked the reply, the reply timeout expired, or the network 
> connection was broken.
>
> I am sure it is not a problem in hal.conf, because of two reasons: 
> first, PCLOS has a policy that allows by default to all users to access 
> HAL devices. Second, when I set up the server and workstations to 
> authenticate via NIS, HAL works perfectly, although they are the same 
> users and groups (and same UID and GID)  than with Krb5+LDAP.
> Then, it has to be a problem with DBus being unable to start the user's 
> session, or with HAL being unable to get user data.
> If anybody has got to make work HAL with Kerberos+LDAP, then it must be 
> a problem with the distro. Otherwise, I think it has to be a bug in HAL 
> or in DBus.
>
>
> Best Regards. Juan.
> _______________________________________________
> hal mailing list
> hal at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/hal
>   
HAL doesn't do anything with users and groups. That's all managed by
D-Bus. The problem is going to exist in your NSS configuration and the
user/group settings you have setup.

The issue you're having is similar to
http://bugs.gentoo.org/show_bug.cgi?id=193058