Re: ldap user authentication, PAM and chsh (change shell): how to make it work?



* Howard Chu <hyc@symas.com> [20181216 14:18]:
> Howard Chu wrote:
> > Jean-Francois Malouin wrote:
> >> * Howard Chu <hyc@symas.com> [20181216 08:57]:
> >>> Ryan Tandy wrote:
> >>>> On Fri, Dec 14, 2018 at 03:24:17PM -0500, Jean-Francois Malouin wrote:
> >>>>> I'm using libnss-ldap along with pam-ldap on Ubuntu and Debian clients.
> >>>>
> >>>> I have not tried this myself, but recent versions of nss-pam-ldapd appear to include a 'chsh.ldap' command in the nslcd-utils package.  However it looks like
> >>>> that would require you to be using libnss-ldapd and libpam-ldapd with nslcd, rather than the old libnss-ldap and libpam-ldap.
> >>>
> >>> Would be best to be running those anyway, since the old stuff was deprecated long ago.
> >>
> >> Well, I hard-locked all the systems I tried to install libnss-ldapd along with
> >> nslcd: no ssh sessions, no console logins, nada. Once more, a PAM-related
> >> issue I guess. 
> >> Also, it seems that all the info I find out there about how to configure those
> >> are either obsolete, very old and in some cases, 'not even wrong' :)
> >>
> >> As for being 'deprecated', https://wiki.debian.org/LDAP/NSS claims that:
> >>
> >> "In general libnss-ldapd is simpler but newer and libnss-ldap is more mature
> >> but more complex...". 
> > 
> > The author of nss_ldap and pam_ldap officially abandoned those packages ~9 years ago. Support
> > for those packages was redirected from the authors at PADL.com to Symas.com back in 2007 or so,
> 
> At least by April 2007
> http://scratchpad.wikia.com/wiki/Ldap?diff=2174401&oldid=129692
> 
> > and we (Symas) have promoted nss-pam-ldapd and OpenLDAP nssov since 2010.
> > 
> > nss-ldap is not mature, it is dead.

:) 

Thanks all for the very interesting remarks and feedback.

jf

> 
> -- 
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/