[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How exactly does PAM figure into things? Was: Alternatives to LDAP

Now it is a great article (really!) but he doesn't seem quite sure if PAM needs to be configured for OpenLDAP authentication or not.
According to him you don't really need PAM for authentication because nss_ldap and pam_unix will do this.

If the application doing authentication contains code to authenticate against an LDAP database, you don't need PAM.

Most applications don't contain such code. They just authenticate with PAM and let the PAM module writers deal with what to authenticate against (this greatly simplifies life for the app writer). For these applications, you need pam_ldap.

The Linux login applications are, for example, compiled with PAM support. You need to use pam_ldap to get them to authenticate against an LDAP database.

The Mac OS X login, on the other hand, supports LDAP directly.

The Windowns login does neither; you'll either need to set up either an AD server or configure Samba to act as a PDC with an LDAP backend.

For specific instructions on configuring both Linux and Mac OS X to authenticate against an LDAP DB, see