Re: Linux user authentication and shaodw passwords

[Andreas Hasenack <andreas@conectiva.com.br>]

Em Tue, May 30, 2000 at 05:07:15PM -0400, Adrian Likins escreveu:
> 	Of course, if nss_ldap is being used, and your using pam_unix,
> then you dont need to use pam_ldap, as pam_unix will use the crypted passwd
> getent and friends returns. 

This will only work if you configure nss to NOT bind anonymously (/etc/ldap.conf).
Otherwise it won't have access to the userpassword attribute. pam_ldap uses the
user-entered info (name & password) to bind to the ldap server, and only then
will the server allow the userpassword attribute to be read.
Well, I don't know exactly what determines the success of the authentication:
the binding or, after the binding, being able to read the userpassword attribute.

I tried once to bind as me (andreas) in /etc/ldap.conf and then I could authenticate
as myself without using pam_ldap, but all the other users couldn't anymore.

-- 
Andreas Hasenack
andreas@conectiva.com.br
BIG Linux user!