Date: Mon, 15 Jul 2013 23:19:03 +0200 From: Jan Bramkamp <crest@rlwinm.de> To: freebsd-stable@freebsd.org Subject: Re: LDAP authentication confusion Message-ID: <51E46747.7070705@rlwinm.de> In-Reply-To: <Pine.GSO.4.64.1307151550030.8901@sea.ntplx.net> References: <Pine.GSO.4.64.1307151438370.8901@sea.ntplx.net> <CAHDg04v8xV-yaCXDzSbOzWEvHRMhDy8x0A=B2eho4iK4b1UuJA@mail.gmail.com> <Pine.GSO.4.64.1307151507130.8901@sea.ntplx.net> <1373915752.13754.140661255962197.3CA2BD96@webmail.messagingengine.com> <Pine.GSO.4.64.1307151550030.8901@sea.ntplx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 15.07.2013 21:51, Daniel Eischen wrote: > > Wouldn't it be easier just to edit /etc/nsswitch.conf > anyway? PAM and NSS switch are two different subsystems. NSS is just for resource lookups (users, groups, hosts, ...). PAM is for access control. With ldap in nsswitch.conf for users and groups you can lookup a LDAP user but the user can't log into $service through PAM. This requires pam_ldap.so in pam.d/$service.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51E46747.7070705>