[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Authenticate to OpenLDAP using PAM

To: <ms419@freezone.co.uk>, <openldap-software@OpenLDAP.org>
Subject: RE: Authenticate to OpenLDAP using PAM
From: "Howard Chu" <hyc@highlandsun.com>
Date: Wed, 7 Apr 2004 12:26:24 -0700
Importance: Normal
In-reply-to: <50B31BA8-88C3-11D8-B09C-000A95C71776@freezone.co.uk>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
ms419@freezone.co.uk

> I would like to authenticate to my OpenLDAP server in the same way I
> authenticate when I login (using PAM). After googling, I
> conclude most
> people are interested in the reverse: Using LDAP to authenticate when
> they login. I've also read
> "http://www.openldap.org/doc/admin22/security.html";, but it's
> not clear
> to what "user" and "password" correspond ...
>
> Specifically, can the "user" and "password" supplied to the "simple"
> OpenLDAP authentication method be checked using PAM?
>
> More generally, how can I authenticate to OpenLDAP using PAM?

Since PAM uses simple usernames and LDAP Simple Bind uses DNs, you need some
help to make this happen. Typically you would configure openldap
with --enable-spasswd and use {SASL} passwords, and point SASL off at PAM.

This is a pretty odd thing to want to do.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- Authenticate to OpenLDAP using PAM
  - From: ms419@freezone.co.uk

Prev by Date: Re: Authenticate to OpenLDAP using PAM
Next by Date: Re: your mail
Index(es):
- Chronological
- Thread