[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP authentication with PAM

>>>>> "Turbo" == Turbo Fredriksson <turbo@bayour.com> writes:

    Turbo> Quoting Brian May <bam@debian.org>:
    >> I found documentation on how to setup LDAP PAM based
    >> authentication, in
    Turbo> [...]
    >> - openldap2 in unstable doesn't support SSL which is considered
    >> essential.  - no mention of how to get Kerberos support going
    >> via SASL.

    Turbo> When I did this, I was smart enough to write down all the
    Turbo> step's...  http://www.bayour.com/LDAPv3-HOWTO.html


in your slapd.conf you have:

# Should not be readable to anyone, and only editable by admin...
       access to attr=mailQuota,trustModel,accessTo
               by dn="<YOUR ADMIN DN>" write
               by dn="uid=ldapadm.+\+realm=<YOUR REALM>" write
               by self read
               by * none

and in pam_ldap.conf you have:

pam_filter objectclass=posixAccount)(|(trustmodel=fullaccess)(accessto=hostname.domainname.com)

but this line seems to require anonymous access to trustmodel and
accessto in order to work. Is there a mistake somewhere here? Or have
I missed something?
Brian May <bam@debian.org>

Reply to: