
bare nuts on solaris 8/9



Does anyone know the actual bare nuts requirements for having a Solaris 8/9
client authenticate against an OpenLDAP server?  There's SASL, PADL's
pam_ldap, etc., but I have not seen anything about using the default Solaris
libraries.

I have gathered that there are three essential files that you need:
/etc/nsswitch.conf (change passwd and group to "files ldap")
/var/ldap/ldap_client_file (to tell Solaris where things are)
/var/ldap/ldap_client_cred (the username/password for LDAP)

If you set up just those things, you can do listusers, ls, getent, finger, etc.
(anything that pulls user info), but you can't authenticate passwords (e.g., no
telnet, ssh, su, etc.).

I know that authenticating passwords happens in PAM, and that the default
Solaris PAM modules do not support anything fancy (namely encryption).  But what
I don't know is if the default Solaris PAM modules CAN actually authenticate
against OpenLDAP (without patching OpenLDAP).  If they can't, what are the options:
PADL's pam_ldap, SASL, what (keeping things simple)?

I would really appreciate anyone who can alleviate my confusion.  There's so much
information out there and most of it is out of date or contradictory.  I'm just
looking for a definitive answer for the actual base setup.

thanks - Chuck