Date: Tue, 18 Sep 2001 01:04:02 -0400 (EDT)
From: Joe Clarke <marcus@marcuscom.com>
To: Bill Moran <wmoran@iowna.com>
Cc: <questions@FreeBSD.ORG>
Subject: Re: pam_ldap and FreeBSD 4.3
Message-ID: <20010918010209.T75069-100000@shumai.marcuscom.com>
In-Reply-To: <01091719042702.00330@proxy.the-i-pa.com>

I have it working as I did the port. pam_ldap only handles
_authentication_. You still need to have the user configured locally on
the machine, they just don't need a password. The nss code would be the
way to do authorization as well (i.e. have LDAP handle passwd file lookups
using the RFC2307 schema).

So, if you have a user marcus in LDAP, you need to have a local passwd
entry for the user marcus with everything but the password. pam_ldap just
lets you consolidate passwords in one place.

Joe

On Mon, 17 Sep 2001, Bill Moran wrote:

> Does anyone have pam_ldap working on FreeBSD?
> I'm trying to get it going with FreeBSD 4.3-RELEASE. Apparently, the fact
> that nss_ldap doesn't work on FreeBSD yet is causing the failure. For
> example:
>
> If I put an account on the ldap server:
> username = test
> password = word1
> uid = 1000
>
> I can not log in. No ldap errors, just rejected login, however, if I also create
> a local user in /etc/password:
> username = test
> password = completelydifferent
> uid = 1000
>
> I can now log in as "test" using the password "word1". Apparently, pam_ldap
> is working, but FreeBSD won't let the login complete unless it can convert the
> uid back to a name.
> Is there a workaround for this? Or do I need to fall back on NIS and use that?
> It really seems like a shame not to be able to use this. Is someone working on
> getting nss working that I could help out?
>
> --
> Bill Moran
> Potential Technology technical services
> (412) 793-4257
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
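
A consistency check for the arrangement described in the reply above, as an added example that is not part of the original message: it compares LDAP accounts against local master.passwd entries and reports users with no local entry, a differing uid, or a local password field that is still set. The LDIF and master.passwd contents are constructed, the function names are hypothetical, and it assumes plain unfolded LDIF using the RFC2307 attributes `uid` and `uidNumber`.

```python
# Added example; the LDIF and master.passwd text below is constructed sample data.
LDIF = """\
dn: uid=marcus,ou=People,dc=example,dc=com
uid: marcus
uidNumber: 1001

dn: uid=test,ou=People,dc=example,dc=com
uid: test
uidNumber: 1000

dn: uid=newhire,ou=People,dc=example,dc=com
uid: newhire
uidNumber: 1002
"""
MASTER_PASSWD = """\
marcus:*:1001:1001::0:0:Joe:/home/marcus:/bin/sh
test:$1$constructed$hash:1005:1000::0:0:Test:/home/test:/bin/sh
"""

def ldap_accounts(ldif):
    """Map uid -> uidNumber for each entry (plain, unfolded LDIF only)."""
    accounts = {}
    for entry in ldif.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in entry.splitlines() if ": " in l)
        if "uid" in attrs and "uidNumber" in attrs:
            accounts[attrs["uid"]] = int(attrs["uidNumber"])
    return accounts

def local_accounts(master_passwd):
    """Map name -> (password field, uid) from master.passwd-format text."""
    rows = (l.split(":") for l in master_passwd.splitlines() if l and l[0] != "#")
    return {f[0]: (f[1], int(f[2])) for f in rows}

def audit(ldif, master_passwd):
    """List (user, problem) for LDAP users whose local entry is missing or inconsistent."""
    local, findings = local_accounts(master_passwd), []
    for name, uid in sorted(ldap_accounts(ldif).items()):
        if name not in local:
            findings.append((name, "no local passwd entry"))
            continue
        pw, local_uid = local[name]
        if local_uid != uid:
            findings.append((name, f"uid mismatch: LDAP {uid}, local {local_uid}"))
        if not pw.startswith("*"):  # "*" = no usable local password
            findings.append((name, "local password field is set"))
    return findings

if __name__ == "__main__":
    print(*audit(LDIF, MASTER_PASSWD), sep="\n")
```
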