[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: openldap, pam_ldap, accounts
On Mon, Dec 06, 1999 at 11:06:17AM +0000, John P. Looney wrote:
> Should I use the exact /etc/pam.d files that come with pam_ldap then ?
> They are markedly different than the ones that come with RedHat 6.1
If you are using nss_ldap with the correct setup (one that can read the
password attribute) then all you need is to add pam_ldap to the "password"
services. If you are using nss_ldap just for uid and gid lookups (not able
to get the password attribute), then you need to add pam_ldap.so entries
like this prior to each pam_pwdb/pam_unix (for auth only I think):
auth sufficient /lib/security/pam_ldap.so
Also add whatever options you may want (see docs). This will allow
pam_ldap.so to authenticate users, but it will fall through to pam_pwdb
(or pam_unix, whichever you use) for system accounts (like root).
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org - collinbm@djj.state.va.us - bmc@visi.net '
`---=========------=======-------------=-=-----=-===-======-------=--=---'