[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Using an LDAP backend for XDM logins

[ My apologies to everyone if this message appears twice. The first
time I sent it I had not recieved confirmation of subscription to
debiian-user. I retried subscribing 7 hours later and did recieve
confirmation. I am resending the message in case it did not make it
through the first time. ]

Greetings all,
	I have used Debian for a quite a while now, but this is my
first post to any of the mailing lists. I have been interested in
using LDAP as a backend for authentication and other info for a while
now. Just recently I check apt and found that all of the necessary
pieces were in the archives, so I decided to snag it all and have a go
at it.
	I now have pam_ldap installed and working ( on two machines )
and all authentication info is being processed through LDAP. ( I also
have NIS installed and working for the two machines. ) First a brief
overview of my systems:

odeen: The NIS/LDAP server. All authentication is processed through
       here.
famille: A 486 running X windows used mainly as a workstation.
         Configured with nss_ldap and pam_ldap.

When I configured famille to use LDAP I also configured
/etc/nsswitch.conf to use LDAP also. It appears to in most cases.
However, when I have the settings "passwd: ldap nis" and "group: ldap
nis" logging in through XDM doesn't work. If I have plain "passwd:
nis, group: nis" or "passwd: compat, group: compat" XDM logins work
fine.

To summarize:
	I can change LDAP passwords from either machine and I can change
NIS passwords from either machine. I can login at the console on
either machine and have the logins processed through pam/ldap. XDM
apparently is not PAMified and does not use pam_ldap module at all.
XDM only successfully authenticates if /etc/nsswitch.conf uses
"compat" or "nis" for the passwd and group settings.

Does anyone have any ideas what I might be doing wrong or who best to
talk to?

Thanks for the time,
LaterDude
--
the "LaterDude"
ICQ: 52640402
martinja@ice-works.com

All opinions expressed are my own and not necessarily those of
my employer unless otherwise noted.

----- End forwarded message -----

--
the "LaterDude"
ICQ: 52640402
martinja@ice-works.com

All opinions expressed are my own and not necessarily those of
my employer unless otherwise noted.
Reply to: