
Re: Linux user authentication and shadow passwords



On Tue, May 30, 2000 at 04:47:42PM -0300, Andreas Hasenack wrote:
> Em Tue, May 30, 2000 at 02:26:08PM -0500, nwiebe@lynxgl.com escreveu:
> > 
> > Hi,
> >   I'm having a _really_ hard time finding any sort of complete docs on how
> > to get linux (rh6.2) to authenticate to an openldap 1.2.9-6 server running
> > on the same computer.  I've migrated /etc/*, and 'ldapsearch -d 5 -L
> > "(objectclass=*)"' returns a whole mess of stuff, but the passwords don't
> > seem to have migrated properly.  I have 'auth sufficient
> > /lib/security/pam_ldap.so' in /etc/pam.d/login, and I get prompted for a
> > LDAP password, but it doesn't matter what I type in for the LDAP password,
> > the system just authenticates against the normal unix passwd.

> >   Also, if I add a new user to the system, how does that new user get
> > added to the ldap database?  

> > pointers to docs would be much appreciated.
> 
> RedHat has an article, but they don't show how to configure/use pam_ldap, just
> nss, which you should also have installed if you don't want any user info in
> your /etc/* files

	The easiest thing to do is copy the pam config files out of
/usr/doc/nss_ldap*/pam.d/. May need to season to taste, but for most
configs, they work out of the box.

	Of course, if nss_ldap is being used, and you're using pam_unix,
then you don't need to use pam_ldap, as pam_unix will use the crypted passwd
getent and friends return. 

	For more info:


http://www.redhat.com/support/manuals/RHL-6.2-Manual/ref-guide/s1-ldap-redhattips.html

and/or

http://people.redhat.com/alikins/ldap


Adrian
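
An added example, not part of the original message: a shell check of whether the password field that `getent passwd` returns is a crypted value that pam_unix could compare against, as the reply above describes. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field (2nd colon-separated field) of a
# passwd(5)-format line, e.g. one printed by `getent passwd <user>`.
classify_pw_field() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')        echo empty ;;      # no password set at all
        x)         echo shadowed ;;   # hash lives in the shadow database
        '!'*|'*'*) echo locked ;;     # no usable hash in this field
        '$'*'$'*)  echo crypt ;;      # modular crypt, e.g. $1$ (MD5)
        *)
            # Traditional DES crypt: exactly 13 chars from [./0-9A-Za-z]
            case "$field" in
                *[!./0-9A-Za-z]*) echo unknown ;;
                *) [ "${#field}" -eq 13 ] && echo crypt || echo unknown ;;
            esac ;;
    esac
}

# Read passwd-format lines on stdin, print "<user> <classification>".
report() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        user=${line%%:*}
        printf '%s %s\n' "$user" "$(classify_pw_field "$line")"
    done
}

# Constructed sample entries (not real accounts or hashes).
SAMPLE='alice:$1$abcdefgh$0123456789abcdefghijkl:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:*:502:502::/home/carol:/bin/bash
dave:abJnggxhB/yJU:503:503::/home/dave:/bin/bash'

printf '%s\n' "$SAMPLE" | report
# On a live system: getent passwd | report
```

A `crypt` result means the hash itself was returned through NSS to the account that ran the query, so run it as an unprivileged user to see what ordinary users can read.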