
Re: LDAP authentication with PAM



On Fri, Apr 13, 2001 at 10:41:36AM +1000, Brian May wrote:
> >>>>> "Wichert" == Wichert Akkerman <wichert@cistron.nl> writes:
> 
>     Wichert> Not at all. ldap.secret can be used to allow root to
>     Wichert> login to the LDAP database as a special user so it can
>     Wichert> make changes normal users are not allowed to make.
> 
>     Wichert> LDAP supports a special `auth' access option where it
>     Wichert> will verify a password which is what PAM uses.
> 
> So I don't need ldap.secret? However, if I deleted ldap.secret, then
> normal authentications don't seem to work. Correction: normal
> authentication didn't work. It works fine now. Go figure ;-).
> 
> I guess I should only have ldap.secret on the server, as if anybody
> breaks into the server, security is lost anyway.

I was wondering about that, how it could be that it wouldn't work if you didn't
have ldap.secret, as it is only used when changing passwords, but it appears it
was just bad luck =)

> >>>>> "Sami" == Sami Haahtinen <ressu@uusikaupunki.fi> writes:
>     Sami> appears that you have gotten all your information from
>     Sami> directory-manager, which is not the best source for
>     Sami> information. it is a good tool for basic setup though.
> 
> It's the only source I have found so far (excluding this list of
> course).

Hmm.. if you want to read my story, how I messed it up when I first set up my
LDAP, it's at http://www.uusikaupunki.fi/~ressu/ldap.html. It's not a guide on how
to set one up.. (but you can read it between the lines =) it's just a, well..
log of how I did it.

> >>>>> "Steve" == Steve Langasek <vorlon@netexpress.net> writes:
> 
> Some bugs do exist of stable:
> 
> snoopy:/etc/pam.d# passwd bam
> New UNIX password: 
> Retype new UNIX password: 
> LDAP password information changed for bam
> passwd: password updated successfully
> 
> Actually I was pushing ctrl^C trying to abort... Can't it make up its
> mind if it's updating UNIX or LDAP? (this only happens when done as
> root with a /etc/ldap.secret file).

I think it might be a bug in passwd, it should abort when it sees ^C..

-- 
			      -< Sami Haahtinen >-
	    -< 2209 3C53 D0FB 041C F7B1  F908 A9B6 F730 B83D 761C >-


