
Re: PAM + LDAP and SSH



Hello,

On 8/1/07, Bhasker C V <bhasker@unixindia.com> wrote:
>  If you do not want LDAP based authentication then you can
>  edit the nsswitch.conf file (passwd and shadow) to
>  point to appropriate values ? like files, yp
>  for local and NIS auth only.

The problem with that is that you then don't have any information
about the users available.

If you need to have "getent passwd" list the users in your LDAP and
don't want them to be able to log in, just don't mess around with PAM,
and stick with libnss-ldap only.

If, on the other hand, you need some users to be able to log in, a
pam_filter is appropriate since you can easily use the host or
authorizedService attribute (or any other attribute for that matter)
to check account validity for a certain box/host.
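
The setup described in the message above, as an added example that is not part of the original post: NSS keeps listing LDAP users while pam_ldap only accepts entries whose host attribute matches this machine. The file paths, the hostname web01.example.org and the sample user entry are assumptions constructed for illustration.

```conf
# --- /etc/nsswitch.conf (assumed path) ---
# NSS still resolves accounts from LDAP through libnss-ldap, so
# "getent passwd" keeps listing every LDAP user on this box.
passwd: files ldap
shadow: files ldap
group:  files ldap

# --- pam_ldap configuration file (assumed path: /etc/pam_ldap.conf) ---
# pam_ldap combines this filter with the login-attribute match when it
# searches for the user, i.e. it looks for
#   (&(host=web01.example.org)(uid=<login name>))
# An entry without a matching "host" value is simply not found by PAM,
# so that user cannot log in here even though NSS still lists the account.
# web01.example.org is a constructed hostname.
pam_filter host=web01.example.org

# Variant: gate on the service name instead of the host.
# pam_filter authorizedService=sshd

# Constructed entry that passes the host filter above:
#   dn: uid=alice,ou=People,dc=example,dc=org
#   objectClass: account
#   objectClass: posixAccount
#   uid: alice
#   host: web01.example.org
#
# Constructed entry that is listed by getent but rejected by PAM,
# because its host value names a different machine:
#   dn: uid=bob,ou=People,dc=example,dc=org
#   objectClass: account
#   objectClass: posixAccount
#   uid: bob
#   host: db01.example.org
```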


