Re: PAM NSS LDAP

["Alan Sparks" <asparks@doublesparks.net>]

Broussard Philippe said:
> 	- What's the difference between NSS and PAM ?

NSS is the name service switch.  It bridges queries for things like
password file entries and group entries to a naming service (like flat
files, or an LDAP directory, or even a Windows domain controller.

PAM is Pluggable Authentication Modules.  While NSS is an information
service, PAM is a mechanism to run a set of authentication algorithms on
credentials entered by the user, and determine their identity and access
right to a resource (e.g., logging into a machine).

> 	- When my users want login in workstation (Linux or Solaris), I
> want that the authentification uses a base LDAP, what's the more
> appropriate between NSS and PAM

Possible.  In general, you need both NSS and PAM set up.  Many Linux
distributions ship with the PADL LDAP NSS/PAM plugins.  Conult your user
docs or Google for your distribution.  RedHat, for instance, provides
initial setup through the authconfig utility.  Others will do it
differently.

Depending on your version of Solaris, you can either use the built-in LDAP
naming service integration (Solaris 8 and above), or install the PADL
modules yourself.  I would suggest you Google around for more specific
information, and perhaps look at www.padl.com.

And, you will want to look at the PADL mainling lists, which is a more
appropriate forum for detailed queries on this topic.
-Alan


===========
Alan Sparks, UNIX/Linux Systems Administrator    <asparks@doublesparks.net>