[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldap user authentication, PAM and chsh (change shell): how to make it work?
* Howard Chu <hyc@symas.com> [20181216 14:18]:
> Howard Chu wrote:
> > Jean-Francois Malouin wrote:
> >> * Howard Chu <hyc@symas.com> [20181216 08:57]:
> >>> Ryan Tandy wrote:
> >>>> On Fri, Dec 14, 2018 at 03:24:17PM -0500, Jean-Francois Malouin wrote:
> >>>>> I'm using libnss-ldap along with pam-ldap on Ubuntu and Debian clients.
> >>>>
> >>>> I have not tried this myself, but recent versions of nss-pam-ldapd appear to include a 'chsh.ldap' command in the nslcd-utils package. However it looks like
> >>>> that would require you to be using libnss-ldapd and libpam-ldapd with nslcd, rather than the old libnss-ldap and libpam-ldap.
> >>>
> >>> Would be best to be running those anyway, since the old stuff was deprecated long ago.
> >>
> >> Well, I hard-locked all the systems I tried to install libnss-ldapd along with
> >> nslcd: no ssh sessions, no console logins, nada. Once more, a PAM-related
> >> issue I guess.
> >> Also, it seems that all the info I find out there about how to configure those
> >> are either obsolete, very old and in some cases, 'not even wrong' :)
> >>
> >> As for being 'deprecated', https://wiki.debian.org/LDAP/NSS claims that:
> >>
> >> "In general libnss-ldapd is simpler but newer and libnss-ldap is more mature
> >> but more complex...".
> >
> > The author of nss_ldap and pam_ldap officially abandoned those packages ~9 years ago. Support
> > for those packages was redirected from the authors at PADL.com to Symas.com back in 2007 or so,
>
> At least by April 2007
> http://scratchpad.wikia.com/wiki/Ldap?diff=2174401&oldid=129692
>
> > and we (Symas) have promoted nss-pam-ldapd and OpenLDAP nssov since 2010.
> >
> > nss-ldap is not mature, it is dead.
:)
Thanks all for the very interesting remarks and feedback.
jf
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/