From owner-freebsd-security Tue Mar 5 0:50:22 2002
Delivered-To: freebsd-security@freebsd.org
Received: from esplanaden.cybercity.dk (esplanaden.cybercity.dk [212.242.40.114]) by hub.freebsd.org (Postfix) with ESMTP id 8BF3B37B400; Tue, 5 Mar 2002 00:50:15 -0800 (PST)
Received: from windot.cybercity.dk ([172.16.2.163]) by esplanaden.cybercity.dk with Microsoft SMTPSVC(5.0.2195.3779); Tue, 5 Mar 2002 09:50:08 +0100
Message-Id: <5.1.0.14.2.20020305094742.058185d8@mx00.cybercity.dk>
X-Sender: sch@mx00.cybercity.dk
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 05 Mar 2002 09:50:07 +0100
To: Ted Wisniewski, freebsd-questions@freebsd.org, freebsd-security@freebsd.org
From: Soeren Schroeder
Subject: Re: PAM & LDAP - Pointer anyone?
In-Reply-To: <200202270356.g1R3u5u25254@ness.plymouth.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: 8bit
X-OriginalArrivalTime: 05 Mar 2002 08:50:08.0663 (UTC) FILETIME=[C0DB8A70:01C1C422]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

At 22:56 26-02-2002 -0500, Ted Wisniewski wrote:
>I was wondering... Has anyone done this successfully?
>
>I have FreeBSD 4.5, OpenLdap 2.0.23 & pam_ldap-137
>
>I have LDAP running, and configured where I can successfully authenticate
>FTP sessions. However, when I try to authenticate any other
>service - no go.
>
>I am specifically interested in:
>
> ssh, telnet, pop3, imap
>
>Since I have been able to do "ftp" I must be doing something correctly.
>
>pam.conf entry (for telnetd):
>
># "telnetd" is for SRA authenticated telnet only. Non-SRA uses 'login'
>telnetd auth required pam_ldap.so try_first_pass
>
>I also have ftpd:
>
>ftpd auth sufficient pam_skey.so
>ftpd auth requisite pam_cleartext_pass_ok.so
>ftpd auth sufficient pam_ldap.so try_first_pass
>
>
>Perhaps I am missing something obvious?
>If someone has done this and can
>point me in the right direction, it would be much appreciated.

A workaround is installing ypldapd:

http://www.padl.com/ldap-nis_gateway.html

A NIS server on top of LDAP. Works like a charm! Then all your daemons work out of the box.

We tried PAM LDAP and ditched it.

--
Søren Schrøder - sch@cybercity.dk - PGP-key available on request
"To define recursion, we must first define recursion."
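As an added illustration (not part of the thread, and not code from either poster), the following script parses pam.conf entries in the FreeBSD 4.x `service type control module args` layout and summarises each service's auth stack. The sample text is constructed from the two stacks quoted above; it shows that ftpd has `sufficient` fallbacks while telnetd depends on a single `required` pam_ldap.so, so an LDAP failure there denies every login for that service.

```python
"""Parse FreeBSD 4.x-style /etc/pam.conf auth stacks (constructed example)."""

# Constructed sample modelled on the pam.conf entries quoted in the thread.
SAMPLE_PAM_CONF = """\
# "telnetd" is for SRA authenticated telnet only. Non-SRA uses 'login'
telnetd auth required pam_ldap.so try_first_pass

ftpd auth sufficient pam_skey.so
ftpd auth requisite pam_cleartext_pass_ok.so
ftpd auth sufficient pam_ldap.so try_first_pass
"""


def parse_pam_conf(text):
    """Return {service: [(type, control, module, [args]), ...]} in file order.

    Comments start with '#'; blank lines are skipped; a line with fewer than
    the four mandatory fields is reported rather than silently ignored."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError("malformed pam.conf line: %r" % raw)
        service, mtype, control, module = fields[:4]
        stacks.setdefault(service, []).append((mtype, control, module, fields[4:]))
    return stacks


def auth_summary(stacks, service):
    """Describe the 'auth' stack of one service.

    fallback: some module is 'sufficient', so a later module can still
              authenticate the user if an earlier one fails.
    strict:   every module is required/requisite, so one failing module
              (e.g. an unreachable LDAP server) denies all logins."""
    entries = [e for e in stacks.get(service, []) if e[0] == "auth"]
    controls = [c for _, c, _, _ in entries]
    return {
        "modules": [m for _, _, m, _ in entries],
        "fallback": "sufficient" in controls,
        "strict": bool(entries) and all(c in ("required", "requisite") for c in controls),
    }
```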