[Date Prev][Date Next]
Re: How exactly does PAM figure into things? Was: Alternatives to LDAP
Now it is a great article (really!) but he doesn't seem quite sure if
PAM needs to be configured for OpenLDAP authentication or not.
According to him you don't really need PAM for authentication because
nss_ldap and pam_unix will do this.
If the application doing authentication contains code to authenticate
against an LDAP database, you don't need PAM.
Most applications don't contain such code. They just authenticate with
PAM and let the PAM module writers deal with what to authenticate
against (this greatly simplifies life for the app writer). For these
applications, you need pam_ldap.
The Linux login applications are, for example, compiled with PAM
support. You need to use pam_ldap to get them to authenticate against an
The Mac OS X login, on the other hand, supports LDAP directly.
The Windowns login does neither; you'll either need to set up either an
AD server or configure Samba to act as a PDC with an LDAP backend.
For specific instructions on configuring both Linux and Mac OS X to
authenticate against an LDAP DB, see