Re: access lists...
I would recommend setting up a PAM user in the LDAP
("cn=pam,dc=example,dc=com" or something like that) and setting up ACLs
that limit that user to viewing (at minimum) uid and userPassword (I
think those are the only two pam_ldap requires). Then configure pam_ldap
to bind as that user. BTW -- userPassword only needs "auth" permissions,
not read or write.
Matt
On Mon, 2003-05-12 at 07:45, Nick Couchman wrote:
> I'm trying to set up my ldap servers to do PAM authentication. What
> should I have as far as access lists go to allow the PAM modules to bind
> anonymously and still be able to read the passwords when users try to
> authenticate?
>
> Thanks,
> Nick
--
M Butcher <mbutcher@grcomputing.net>
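
Added example, not part of the original thread: a sketch of the setup the reply describes, with a dedicated bind DN, ACLs that expose only uid to it, and "auth"-only access on userPassword. The ou=People subtree, the host name and the bindpw placeholder are assumptions; the bind DN is the one suggested in the reply.

```conf
#
# --- slapd.conf (server side) ---
#
# userPassword is never readable. "auth" lets slapd compare the
# supplied password during a bind without disclosing the stored value.
# A simple bind is evaluated before the client has an identity,
# so the "anonymous" clause is what lets any bind succeed.
# Older releases spell the selector attr= instead of attrs=.
access to attrs=userPassword
    by anonymous auth
    by dn.exact="cn=pam,dc=example,dc=com" auth
    by * none

# The PAM service account may locate entries and read uid only.
# "entry" is the pseudo-attribute that controls whether the entry
# itself is visible to a search.
# ou=People is an assumed location for user entries.
access to dn.subtree="ou=People,dc=example,dc=com" attrs=entry,uid
    by dn.exact="cn=pam,dc=example,dc=com" read
    by * none

# Any further site rules go here. Once access directives are present,
# anything not matched falls through to an implicit "by * none".

#
# --- ldap.conf as read by pam_ldap (client side) ---
#
# Hypothetical server name.
host ldap.example.com
base dc=example,dc=com

# Bind as the restricted account instead of anonymously.
binddn cn=pam,dc=example,dc=com
# Placeholder: replace with the service account's password.
bindpw REPLACE_WITH_SERVICE_PASSWORD

# Attribute matched against the login name in the user search.
pam_login_attribute uid
```

With this layout pam_ldap binds as the service account, searches for the entry whose uid matches the login name, then binds again as that entry's DN with the password the user typed, so the stored userPassword value is never returned to the client.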