Re: Authenticate to OpenLDAP using PAM
On Wed, 07.04.2004 at 20.42, email@example.com wrote:
> I would like to authenticate to my OpenLDAP server in the same way I
> authenticate when I login (using PAM). After googling, I conclude most
> people are interested in the reverse: Using LDAP to authenticate when
> they login.
Most people? Postfix smtp auth is most interesting to Postfix people;
they usually don't give a grunt about pam (well, not quite true, but in
many cases so). Me, I insist on both Openldap and pam authentication
within the same DSA. But both are separate mechanisms, requiring
> I've also read
> "http://www.openldap.org/doc/admin22/security.html", but it's not clear
> to what "user" and "password" correspond ...
This would be para. 9 in the admin guide (I have the single html
version). It has a factor in common to a pam authorization, though both
use different mechanisms. A "user" would be an entity authenticating to
an LDAP server and a "password" would be the secret shared between that
entity and the LDAP server (hopefully no-one else). That much both
mechanisms have in common.
> Specifically, can the "user" and "password" supplied to the "simple"
> OpenLDAP authentication method be checked using PAM?
> More generally, how can I authenticate to OpenLDAP using PAM?
By making use of Padl's pam_ldap (generally coupled with the Padl
nss_ldap) module. It depends on what OS you use, many OSs include this
as standard (Slackware and Debian Linux may not - I don't use or know
either). More details about the pam mechanism at Padl's pam_ldap and
nss_ldap mailing lists, available from the www.padl.org url.
Cat vomit on the floor
after the weary homecoming
faithful as a child
the cat bids welcome.
mail: billy - at - billy.demon.nl