[Date Prev][Date Next] [Chronological] [Thread] [Top]

bare nuts on solaris 8/9

Does anyone know the actual bare nuts requirements for having a solaris 8/9
client authenticate against an openldap server?  There's sasl, paddle's
pam_ldap, etc, but I have not seen anything about using the default solaris

I have gathered that there are three essential files that you need:
/etc/nsswitch.conf (change passwd and group to "files ldap")
/var/ldap/ldap_client_file (to tell solaris where things are)
/var/ldap/ldap_client_cred (the username/password for ldap)

If you setup just those things, you can do listusers, ls, getent, finger, etc
(anything that pulls user info), but you can't authenticate passwords (eg, no
telnet, ssh, su, etc).

I know that authenticating passwords happens in pam, and that the default
solaris pam modules do not support anything fancy (namely encryption).  But what
I don't know is if the default solaris pam modules CAN actually authenticate
against openldap (without patching openldap).  If it can't, what are the options,
paddle's pam_ldap, sasl, what (keeping things simple)?

I would really appreciate anyone who can alive my confusion.  There's so much
information out there and most of it is out of date, or contradictory.  I'm just
looking for a definitive answer for the actual base setup.

thanks - Chuck