
Re: Using LDAP for authentication question



Alan,

Thanks...I just came across a web link that was describing this. It was quite a good link actually.
Anyway, here is output from my authconfig file (in /etc/pam.d/ directory, on RH 7.3)

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

I realize what I need to add:

#%PAM-1.0
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_ldap.so

password    required      /lib/security/pam_cracklib.so retry=3 minlen=4 \
dcredit=0 ucredit=0
password    sufficient    /lib/security/pam_unix.so nullok use_authtok \
md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so

I verified I have /lib/security/pam_ldap.so and I do.

So here is my question: From what I remember, you can use authconfig utility to change the setting, correct?
But, you can also add in the correct lines into the file directly, if you feel comfortable, correct?

Ok, let's say that I do that... now is there anything else I need to do? Restart any services, edit config files, etc.?
Secondly, I have a root account that is local (default install) and a root account that is in the LDAP accounts tree that is used to add my users to the domain.
Will that pose a problem? Or will I just use the root account and password in LDAP?

Lastly, if something goes wrong (and I hope it doesn't), what's the quickest, fastest and easiest way to recover it?

I appreciate your help.

Jason

At 06:02 PM 8/14/2003 -0600, you wrote:
Jason Williams said:
> Can anyone lead me in the direction of what I will need to do to setup
> the box so I can use my account that is in LDAP, and allow me to SSH to
> the box? I don't want to create an additional user account on the
> server, but instead use the account that I have in LDAP.

Consider installing the nss_ldap package and running /usr/sbin/authconfig
to set up LDAP authentication.
-Alan

===========
Alan Sparks, UNIX/Linux Systems Administrator    <asparks@doublesparks.net>
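To see how the "auth" stack Jason posted actually resolves (which module answers for a local root versus a directory-only user, and why the trailing pam_deny line matters when the LDAP server is unreachable), here is an added simulator of the classic Linux-PAM control-flag semantics. It is example code written for this thread, not part of the original mail or of Linux-PAM; the module outcomes it feeds in are constructed, and real pam_unix/pam_ldap behaviour (nullok, use_first_pass, NSS lookups) is not modelled.

```python
from typing import Dict, List, Tuple

# Constructed representation of the "auth" section from the posted stack.
AUTH_STACK: List[Tuple[str, str]] = [
    ("required",   "pam_env.so"),
    ("sufficient", "pam_unix.so"),
    ("sufficient", "pam_ldap.so"),
    ("required",   "pam_deny.so"),
]

def run_stack(stack: List[Tuple[str, str]], outcomes: Dict[str, bool]) -> Tuple[bool, List[str]]:
    """Evaluate one PAM management group with the classic control flags.

    outcomes maps module name -> True (success) / False (failure); these are
    constructed results, not real password or directory lookups.
    Returns (final result, modules that were actually invoked).
    """
    impression = None          # None = nothing decisive yet, True = ok, False = failed
    invoked: List[str] = []
    for control, module in stack:
        ok = outcomes.get(module, False)   # a module with no outcome is treated as failing
        invoked.append(module)
        if control == "requisite" and not ok:
            return False, invoked          # requisite failure ends the stack at once
        if control == "required" and not ok:
            impression = False             # keep running the rest, but the result is fixed
        elif control == "sufficient" and ok and impression is not False:
            return True, invoked           # short-circuit: nothing after this line runs
        elif ok and impression is None:
            impression = True              # required/requisite/optional success counts once
    return impression is True, invoked

def local_root() -> Tuple[bool, List[str]]:
    # Local /etc/shadow root: pam_unix answers first, pam_ldap is never consulted.
    return run_stack(AUTH_STACK, {"pam_env.so": True, "pam_unix.so": True, "pam_ldap.so": False})

def ldap_user() -> Tuple[bool, List[str]]:
    # Account that exists only in the directory: pam_unix fails (ignored), pam_ldap decides.
    return run_stack(AUTH_STACK, {"pam_env.so": True, "pam_unix.so": False, "pam_ldap.so": True})

def ldap_down() -> Tuple[bool, List[str]]:
    # Directory unreachable: both sufficient lines fail, pam_deny makes the denial explicit.
    return run_stack(AUTH_STACK, {"pam_env.so": True, "pam_unix.so": False, "pam_ldap.so": False})

def ldap_down_without_deny() -> Tuple[bool, List[str]]:
    # Same outage with the final pam_deny line removed: pam_env's success is the
    # only decisive result left, so the stack falls through to "success".
    return run_stack(AUTH_STACK[:-1], {"pam_env.so": True, "pam_unix.so": False, "pam_ldap.so": False})
```

The last case is the reason to keep the `auth required pam_deny.so` line when editing the file by hand rather than through authconfig: without it, a stack made only of `sufficient` modules that all fail inherits the success of the earlier `required pam_env.so` line.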