Date:      Mon, 15 Jul 2013 17:39:02 -0400 (EDT)
From:      Daniel Eischen <deischen@freebsd.org>
To:        Jan Bramkamp <crest@rlwinm.de>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: LDAP authentication confusion
Message-ID:  <Pine.GSO.4.64.1307151729330.8901@sea.ntplx.net>
In-Reply-To: <51E46747.7070705@rlwinm.de>
References:  <Pine.GSO.4.64.1307151438370.8901@sea.ntplx.net> <CAHDg04v8xV-yaCXDzSbOzWEvHRMhDy8x0A=B2eho4iK4b1UuJA@mail.gmail.com> <Pine.GSO.4.64.1307151507130.8901@sea.ntplx.net> <1373915752.13754.140661255962197.3CA2BD96@webmail.messagingengine.com> <Pine.GSO.4.64.1307151550030.8901@sea.ntplx.net> <51E46747.7070705@rlwinm.de>

On Mon, 15 Jul 2013, Jan Bramkamp wrote:

> On 15.07.2013 21:51, Daniel Eischen wrote:
>>
>> Wouldn't it be easier just to edit /etc/nsswitch.conf
>> anyway?
> PAM and NSS switch are two different subsystems. NSS is just for
> resource lookups (users, groups, hosts, ...). PAM is for access control.
>
> With ldap in nsswitch.conf for users and groups you can look up an LDAP
> user but the user can't log into $service through PAM. This requires
> pam_ldap.so in pam.d/$service.

Minor correction.  "This requires the ldap PAM library (pam_ldap.so)
to be installed."  No pam.d entries seem to be needed.  None seem
to be necessary on Solaris 10 either.

-- 
DE


