Re: LDAP authentication with PAM

Previously Brian May wrote:
> - every client requires a /etc/ldap.secret file which, AFAIK (guessing) allows
> the client to access the passwords of users and allows programs like chsh,
> chfn, and password to work.

Not at all. ldap.secret can be used to allow root to log in to the LDAP
database as a special user so it can make changes normal users are
not allowed to make.

LDAP supports a special `auth' access option where it will verify a
password, which is what PAM uses.

Also, I have an SSL-enabled LDAP package for potato available at
ftp://ftp.valinux.com/pub/people/wichert/

> Also, I am getting totally confused with the different PAM
> services.

That is nicely documented in the pam-doc package.

> Why do gdm and imap have password specified in /etc/pam.d/gdm,imap?
> (I would be surprised if imap supported changing the password, not
> sure about gdm).

They probably don't use them but someone copied over a template.

> I don't like this duplication of information much though.

You can also remove files so PAM will fall back to using /etc/pam.d/other
which you can fill with standard settings.

Wichert.
--
________________________________________________________________
/ Generally uninteresting signature - ignore at your convenience \
| wichert@cistron.nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
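
An added example, not part of the original message: a small Python check over constructed slapd.conf ACL fragments that flags any clause granting more than `auth` on userPassword, the access level the reply says PAM relies on. The ACL text, the example admin DN and the function names are assumptions for illustration, and the parser handles only simple `by <who> <level>` clauses.

```python
import re

# OpenLDAP access levels, weakest first; each level implies the ones before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed sample data (placeholder DN, not from the original message).
ADMIN = 'dn="cn=admin,dc=example,dc=com"'
WEAK_ACL = """
access to attr=userPassword
    by self write
    by * read
"""
AUTH_ONLY_ACL = """
access to attr=userPassword
    by dn="cn=admin,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none
"""

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] for each 'access to' rule."""
    # Keep quoted strings (DNs may contain spaces) inside a single token.
    tokens = re.findall(r'(?:[^\s"]|"[^"]*")+', text)
    rules, i = [], 0
    while i + 2 < len(tokens):
        if tokens[i] == "access" and tokens[i + 1] == "to":
            rules.append((tokens[i + 2], []))
            i += 3
        elif tokens[i] == "by" and rules:
            rules[-1][1].append((tokens[i + 1], tokens[i + 2]))
            i += 3
        else:
            i += 1
    return rules

def password_exposures(text, trusted=("self", ADMIN)):
    """List (who, level) clauses giving more than 'auth' on userPassword."""
    found = []
    for what, clauses in parse_acl(text):
        if "userpassword" not in what.lower():
            continue  # only rules that name userPassword are inspected
        for who, level in clauses:
            if who in trusted:
                continue
            # Unknown level syntax is reported too, so a human reviews it.
            if level not in LEVELS or LEVELS.index(level) > LEVELS.index("auth"):
                found.append((who, level))
    return found
```

With `auth` access a client can have a password verified during a bind but cannot read the stored hash, which is why the second fragment produces no findings.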