Nach Kernel Update kein ssh als user

SuseServer:~ # rpm -qa | grep kernel
kernel-default-2.6.23.1-900.ccj57

becksta@SuseClient:~> ssh becksta@192.168.178.16
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).

SuseServer:~ # sudo -u becksta amuled-f
sudo: no passwd entry for becksta!

  GNU nano 1.3.12                              Datei: /etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group:  files nis

passwd: compat
group:  compat

hosts:  files dns
networks:       files dns

services:       files ldap
protocols:      files
rpc:    files
ethers: files
netmasks:       files
netgroup:       files ldap
publickey:      files

bootparams:     files
automount:      files nis ldap
aliases:        files ldap
passwd_compat:  ldap
group_compat:   ldap

SuseClient:/home/becksta # ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# beckstahome.de
dn: dc=beckstahome,dc=de
objectClass: domain
objectClass: dcObject
dc: beckstahome

# users, beckstahome.de
dn: ou=users,dc=beckstahome,dc=de
ou: users
objectClass: top
objectClass: organizationalUnit

# hosts, beckstahome.de
dn: ou=hosts,dc=beckstahome,dc=de
ou: hosts
objectClass: top
objectClass: organizationalUnit

# groups, beckstahome.de
dn: ou=groups,dc=beckstahome,dc=de
ou: groups
objectClass: top
objectClass: organizationalUnit

# manager, beckstahome.de
dn: cn=manager,dc=beckstahome,dc=de
objectClass: organizationalRole
cn: manager

# domains, beckstahome.de
dn: ou=domains,dc=beckstahome,dc=de
objectClass: organizationalUnit
ou: domains

# Benutzer, groups, beckstahome.de
dn: cn=Benutzer,ou=groups,dc=beckstahome,dc=de
objectClass: posixGroup
description: Alle User
gidNumber: 10000
cn: Benutzer

# lamuser, groups, beckstahome.de
dn: cn=lamuser,ou=groups,dc=beckstahome,dc=de
objectClass: posixGroup
description:: QmVudXR6ZXIgZsO8ciBkZW4gTEFNLVp1Z3JpZmY=
gidNumber: 10001
cn: lamuser
memberUid: becksta

# Apache, groups, beckstahome.de
dn: cn=Apache,ou=groups,dc=beckstahome,dc=de
objectClass: posixGroup
description:: QmVudXR6ZXIgZsO8ciBkZW4gV2Vic2VydmVyenVncmlmZg==
gidNumber: 10002
cn: Apache
memberUid: becksta
memberUid: anna
memberUid: nadine
memberUid: ingmar
memberUid: patrick
memberUid: rossi
memberUid: volker
memberUid: marc
memberUid: steffen
memberUid: christoph

# becksta, users, beckstahome.de
dn: uid=becksta,ou=users,dc=beckstahome,dc=de
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/becksta
loginShell: /bin/bash
uid: becksta
cn: Daniel Beck
uidNumber: 10000
gidNumber: 10000
sn: Beck
givenName: Daniel
shadowLastChange: 13812
sambaDomainName: BECKSTAHOME
sambaHomeDrive: Z:
displayName: becksta
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-21000
sambaPwdLastSet: 1195047625
sambaAcctFlags: [XU         ]

# Domain_Admin, groups, beckstahome.de
dn: cn=Domain_Admin,ou=groups,dc=beckstahome,dc=de
objectClass: sambaGroupMapping
objectClass: posixGroup
displayName: Domain_Admin
cn: Domain_Admin
gidNumber: 512
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-2025
memberUid: becksta
sambaGroupType: 2

# Domain_User, groups, beckstahome.de
dn: cn=Domain_User,ou=groups,dc=beckstahome,dc=de
objectClass: sambaGroupMapping
objectClass: posixGroup
displayName: Domain_User
sambaGroupType: 2
cn: Domain_User
gidNumber: 513
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-2027
memberUid: becksta

# Domain_Guests, groups, beckstahome.de
dn: cn=Domain_Guests,ou=groups,dc=beckstahome,dc=de
objectClass: sambaGroupMapping
objectClass: posixGroup
displayName: Domain_Guests
sambaGroupType: 2
cn: Domain_Guests
gidNumber: 514
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-2029
memberUid: becksta

# Domain_Hosts, groups, beckstahome.de
dn: cn=Domain_Hosts,ou=groups,dc=beckstahome,dc=de
objectClass: sambaGroupMapping
objectClass: posixGroup
displayName: Domain_Hosts
sambaGroupType: 2
cn: Domain_Hosts
gidNumber: 515
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-2031

# root, users, beckstahome.de
dn: uid=root,ou=users,dc=beckstahome,dc=de
uid: root
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-1000
displayName: root
sambaPwdCanChange: 1193679174
sambaPwdLastSet: 1193679174
sambaAcctFlags: [U          ]
objectClass: sambaSamAccount
objectClass: account

# anna, users, beckstahome.de
dn: uid=anna,ou=users,dc=beckstahome,dc=de
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/anna
uid: anna
cn: Anna Bakun
uidNumber: 10001
sn: Bakun
givenName: Anna
shadowLastChange: 13815
gidNumber: 10000
loginShell: /bin/false
sambaDomainName: BECKSTAHOME
sambaAcctFlags: [XU         ]
displayName: Anna Bakun
sambaHomeDrive: Z:
sambaPwdLastSet: 1193955061
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-513

# nadine, users, beckstahome.de
dn: uid=nadine,ou=users,dc=beckstahome,dc=de
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/nadine
loginShell: /bin/false
uid: nadine
cn: Nadine Benner
uidNumber: 10002
sn: Benner
givenName: Nadine
shadowLastChange: 13815
gidNumber: 10000

# ingmar, users, beckstahome.de
dn: uid=ingmar,ou=users,dc=beckstahome,dc=de
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/ingmar
loginShell: /bin/false
uid: ingmar
cn: Ingmar Brix
uidNumber: 10003
gidNumber: 10000
sn: Brix
givenName: Ingmar
shadowLastChange: 13815

# patrick, users, beckstahome.de
dn: uid=patrick,ou=users,dc=beckstahome,dc=de
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/patrick
loginShell: /bin/false
uid: patrick
cn: Patrick Kron
uidNumber: 10004
gidNumber: 10000
sn: Kron
givenName: Patrick
shadowLastChange: 13815

# rossi, users, beckstahome.de
dn: uid=rossi,ou=users,dc=beckstahome,dc=de
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/rossi
loginShell: /bin/false
uid: rossi
cn:: U3RlZmZlbiBSw7Zzc2xlcg==
uidNumber: 10005
gidNumber: 10000
sn:: UsO2c3NsZXI=
givenName: Steffen
shadowLastChange: 13817

# volker, users, beckstahome.de
dn: uid=volker,ou=users,dc=beckstahome,dc=de
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/volker
loginShell: /bin/false
uid: volker
cn: Volker Theisinger
uidNumber: 10006
gidNumber: 10000
sn: Theisinger
givenName: Volker
shadowLastChange: 13817

# BECKSTAHOME, beckstahome.de
dn: sambaDomainName=BECKSTAHOME,dc=beckstahome,dc=de
sambaDomainName: BECKSTAHOME
sambaSID: S-1-5-21-3607407950-2872165377-1385870410
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0

# marc, users, beckstahome.de
dn: uid=marc,ou=users,dc=beckstahome,dc=de
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
sambaHomeDrive: U:
sambaDomainName: BECKSTAHOME
sambaAcctFlags: [XU         ]
sambaPwdLastSet: 1194703723
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-21014
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/marc
loginShell: /bin/false
gecos: Marc Schuhmacher
uid: marc
cn: Marc Schuhmacher
uidNumber: 10007
gidNumber: 10000
sn: Schuhmacher
givenName: Marc
shadowLastChange: 13827

# XP-CLient$, hosts, beckstahome.de
dn: uid=XP-CLient$,ou=hosts,dc=beckstahome,dc=de
objectClass: posixAccount
objectClass: account
loginShell: /bin/false
homeDirectory: /dev/null
uid: XP-CLient$
cn:: QsO8cm9SZWNobmVyIG1pdCBYUA==
uidNumber: 50000
gidNumber: 515
description: XP-Client

# steffen, users, beckstahome.de
dn: uid=steffen,ou=users,dc=beckstahome,dc=de
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
sambaHomeDrive: U:
sambaDomainName: BECKSTAHOME
sambaAcctFlags: [XU         ]
sambaPwdLastSet: 1194900586
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-21016
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/steffen
loginShell: /bin/false
uid: steffen
cn: Steffen Krumm
uidNumber: 10008
gidNumber: 10000
sn: Krumm
givenName: Steffen
shadowLastChange: 13829

# christoph, users, beckstahome.de
dn: uid=christoph,ou=users,dc=beckstahome,dc=de
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
sambaHomeDrive: U:
sambaDomainName: BECKSTAHOME
sambaAcctFlags: [XU         ]
sambaPwdLastSet: 1194900657
sambaSID: S-1-5-21-3607407950-2872165377-1385870410-21018
shadowWarning: 10
shadowInactive: 10
shadowMin: 1
shadowMax: 365
homeDirectory: /home/christoph
loginShell: /bin/false
uid: christoph
cn: Christoph Krumm
uidNumber: 10009
gidNumber: 10000
sn: Krumm
givenName: Christoph
shadowLastChange: 13829

# BECKSTAHOME, domains, beckstahome.de
dn: sambaDomainName=BECKSTAHOME,ou=domains,dc=beckstahome,dc=de
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaSID: S-1-5-21-3607407950-2872165377-1385870410
sambaDomainName: BECKSTAHOME
sambaLogonToChgPwd: 0
sambaForceLogoff: 0

# search result
search: 2
result: 0 Success

# numResponses: 28
# numEntries: 27

Nov 14 16:04:08 SuseServer slapd[2910]: conn=2 fd=12 closed (connection lost)
Nov 14 16:04:08 SuseServer nscd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Nov 14 16:04:08 SuseServer nscd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Nov 14 16:04:08 SuseServer nscd: nss_ldap: could not search LDAP server - Server is unavailable
Nov 14 16:04:08 SuseServer nscd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Nov 14 16:04:08 SuseServer nscd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Nov 14 16:04:08 SuseServer nscd: nss_ldap: could not search LDAP server - Server is unavailable
Nov 14 16:04:08 SuseServer nscd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Nov 14 16:04:08 SuseServer nscd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server

passwd: files ldap
shadow: files ldap
group: files ldap

#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#

# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a 
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
host	127.0.0.1

# The distinguished name of the search base.
base	dc=beckstahome,dc=de

# Another way to specify your LDAP server is to provide an
# uri with the server name. This allows to use
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/   
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com

# The credentials to bind with. 
# Optional: default is no credential.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=example,dc=com

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub
#scope one
#scope base

# Search timelimit
#timelimit 30

# Bind/connect timelimit
#bind_timelimit 30

# Reconnect policy:
#  hard_open: reconnect to DSA with exponential backoff if
#             opening connection failed
#  hard_init: reconnect to DSA with exponential backoff if
#             initializing connection failed
#  hard:      alias for hard_open
#  soft:      return immediately on server failure
bind_policy	soft

# Connection policy:
#  persist:   DSA connections are kept open (default)
#  oneshot:   DSA connections destroyed after request
#nss_connect_policy persist

# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600

# Use paged rseults
#nss_paged_results yes

# Pagesize: when paged results enable, used to set the
# pagesize to a custom value
#pagesize 1000

# Filter to AND with uid=%s
#pam_filter objectclass=account

# The user ID attribute (defaults to uid)
#pam_login_attribute uid

# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes

# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes

# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes

# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com

# Group member attribute
#pam_member_attribute uniquemember

# Specify a minium or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0

# Template login attribute, default template user
# (can be overriden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody

# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
#
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service. 
#pam_password crypt

# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds

# RACF is an alias for the above. For use with
# IBM RACF
#pam_password racf

# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad

# Use the OpenLDAP password change
# extended operation to update the password.
pam_password	exop

# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.

# Use backlinks for answering initgroups()
#nss_initgroups backlink

# returns NOTFOUND if nss_ldap's initgroups() is called
# for users specified in nss_initgroups_ignoreusers 
# (comma separated)
nss_initgroups_ignoreusers	root,ldap

# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema	rfc2307bis

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX		base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd	ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd	ou=People,dc=example,dc=com?one
#nss_base_shadow	ou=People,dc=example,dc=com?one
#nss_base_group		ou=Group,dc=example,dc=com?one
#nss_base_hosts		ou=Hosts,dc=example,dc=com?one
#nss_base_services	ou=Services,dc=example,dc=com?one
#nss_base_networks	ou=Networks,dc=example,dc=com?one
#nss_base_protocols	ou=Protocols,dc=example,dc=com?one
#nss_base_rpc		ou=Rpc,dc=example,dc=com?one
#nss_base_ethers	ou=Ethers,dc=example,dc=com?one
#nss_base_netmasks	ou=Networks,dc=example,dc=com?ne
#nss_base_bootparams	ou=Ethers,dc=example,dc=com?one
#nss_base_aliases	ou=Aliases,dc=example,dc=com?one
#nss_base_netgroup	ou=Netgroup,dc=example,dc=com?one

# attribute/objectclass mapping
# Syntax:
#nss_map_attribute	rfc2307attribute	mapped_attribute
#nss_map_objectclass	rfc2307objectclass	mapped_objectclass

# configure --enable-nds is no longer supported.
# NDS mappings
nss_map_attribute	uniqueMember member

# Services for UNIX 3.5 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uniqueMember msSFU30PosixMember
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFU30Name
#pam_filter objectclass=User
#pam_password ad

# configure --enable-mssfu-schema is no longer supported.
# Services for UNIX 2.0 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad

# RFC 2307 (AD) mappings
#nss_map_objectclass posixAccount user
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid sAMAccountName
#nss_map_attribute homeDirectory unixHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup group
#nss_map_attribute uniqueMember member
#pam_login_attribute sAMAccountName
#pam_filter objectclass=User
#pam_password ad

# configure --enable-authpassword is no longer supported
# AuthPassword mappings
#nss_map_attribute userPassword authPassword

# AIX SecureWay mappings
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear

# For pre-RFC2307bis automount schema
#nss_map_objectclass automountMap nisMap
#nss_map_attribute automountMapName nisMapName
#nss_map_objectclass automount nisObject
#nss_map_attribute automountKey cn
#nss_map_attribute automountInformation nisMapEntry

# Netscape SDK LDAPS
#ssl on

# Netscape SDK SSL options
#sslpath /etc/ssl/certs

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl	no
ldap_version	3
pam_filter	objectclass=posixAccount
nss_base_passwd	ou=users,dc=beckstahome,dc=de
nss_base_shadow	ou=users,dc=beckstahome,dc=de
nss_base_group	ou=groups,dc=beckstahome,dc=de
tls_checkpeer	no
#ssl on

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is to use libldap's default behavior, which can be configured in
# /etc/openldap/ldap.conf using the TLS_REQCERT setting.  The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
#tls_checkpeer yes

# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs

# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool

# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key

# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0

# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache