Re: LDAP authentication with PAM
>>>>> "Turbo" == Turbo Fredriksson <turbo@bayour.com> writes:
Turbo> Quoting Brian May <bam@debian.org>:
>> I found documentation on how to set up LDAP PAM based
>> authentication, in
Turbo> [...]
>> - openldap2 in unstable doesn't support SSL which is considered
>>   essential.
>> - no mention of how to get Kerberos support going via SASL.
Turbo> When I did this, I was smart enough to write down all the
Turbo> steps... http://www.bayour.com/LDAPv3-HOWTO.html
Question:
in your slapd.conf you have:
# Should not be readable to anyone, and only editable by admin...
access to attr=mailQuota,trustModel,accessTo
        by dn="<YOUR ADMIN DN>" write
        by dn="uid=ldapadm.+\+realm=<YOUR REALM>" write
        by self read
        by * none
and in pam_ldap.conf you have:
pam_filter objectclass=posixAccount)(|(trustmodel=fullaccess)(accessto=hostname.domainname.com)
but this line seems to require anonymous access to trustmodel and
accessto in order to work. Is there a mistake somewhere here? Or have
I missed something?
--
Brian May <bam@debian.org>
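
Added example (not part of the original message or of the HOWTO): a simplified Python model of the interaction asked about above, showing how the quoted pam_filter and the quoted ACL meet during the user lookup. It assumes pam_ldap wraps pam_filter as (&(<pam_filter>)(uid=<login>)) and that slapd treats a filter term on an attribute the requester may not search as non-matching; the admin DN and the sample entry are constructed.

```python
# Added illustration: simplified model, not pam_ldap or slapd source code.
RESTRICTED = {"mailquota", "trustmodel", "accessto"}   # attrs in the ACL
ADMIN_DN = "cn=admin,dc=example,dc=com"   # constructed stand-in for <YOUR ADMIN DN>
PAM_FILTER = ("objectclass=posixAccount)(|(trustmodel=fullaccess)"
              "(accessto=hostname.domainname.com)")   # as quoted in the message
ENTRY = {"dn": "uid=brian,ou=people,dc=example,dc=com",   # constructed entry
         "objectclass": ["posixAccount"], "uid": ["brian"],
         "trustmodel": ["fullaccess"]}

def compose_filter(pam_filter, login):
    # Assumption: pam_ldap wraps the configured filter like this, which is
    # why the pam_filter value itself has unbalanced parentheses.
    return "(&(%s)(uid=%s))" % (pam_filter, login)

def searchable(requester, entry_dn, attr):
    # ACL from the message: admin write, self read, everyone else none.
    # Assumption: attributes outside that ACL are searchable by anyone.
    return attr not in RESTRICTED or requester in (ADMIN_DN, entry_dn)

def parse(f, i=0):
    # Parse one parenthesised filter starting at f[i]; return (node, next index).
    assert f[i] == "("
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        assert f[i] == ")"
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry, requester):
    if node[0] == "=":
        _, attr, value = node
        if not searchable(requester, entry["dn"], attr):
            return False   # no search access: the term cannot match
        return value in [v.lower() for v in entry.get(attr, [])]
    results = [matches(kid, entry, requester) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def lookup(login, entry, requester):
    tree, _ = parse(compose_filter(PAM_FILTER, login))
    return matches(tree, entry, requester)

if __name__ == "__main__":
    print("anonymous:", lookup("brian", ENTRY, None))
    print("admin DN: ", lookup("brian", ENTRY, ADMIN_DN))
```

In this model the requester argument is the DN the search is bound as, with None standing for an anonymous search.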