auth ldap pam
Cai Guo Qiang
morpheus00 at gmx.net
Thu Oct 16 00:10:30 PDT 2003
hi there,
i've got a problem with the authentication of pam using ldap. well, it
kind of works, but it seems that all services work, not only those
which are configured in pam.d/ .
example: i configured pam.d/sshd to use the ldap module and all other
services remained unchanged. now it should be possible
for a user, whose account is stored in the ldap directory, to log into
the system over sshd. this worked, but the same user id could
also log in using services such as ftp or http.
this should not be possible, because only sshd is supposed to auth
against ldap directory.
perhaps you have the same problem and can help me.
franz
some configs:
libnss-ldap.conf or pam_ldap.conf:
host 192.168.0.1
base dc=test,dc=com
ldap_version 3
rootbinddn cn=root,dc=test,dc=com
port 389
scope sub
nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
pam.d/sshd:
auth required pam_ldap.so
account required pam_ldap.so
password required pam_ldap.so
session required pam_ldap.so
More information about the freebsd-isp
mailing list
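
A check for the setup described in this post, added here and not part of the original message: it lists which PAM service files reference pam_ldap.so and which nsswitch.conf databases include ldap, since nsswitch.conf is system-wide and makes LDAP accounts visible to every service regardless of what is in pam.d. The `ftp` sample file and all function names are constructed for illustration.

```python
# Added example. Sample inputs are constructed from the configs quoted in the post.
SAMPLE_PAM = {
    "sshd": "auth required pam_ldap.so\naccount required pam_ldap.so\n"
            "password required pam_ldap.so\nsession required pam_ldap.so\n",
    # Constructed: a service whose PAM file was left "unchanged".
    "ftp": "# constructed sample\nauth required pam_unix.so\naccount required pam_unix.so\n",
}
SAMPLE_NSSWITCH = "passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n"

def pam_modules(text):
    """Parse one pam.d file into {type: [module, ...]}."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank, comment, or include-style line
        ptype, i = fields[0].lstrip("-"), 1
        if fields[i].startswith("["):          # bracketed control, e.g. [success=1 default=ignore]
            while i < len(fields) and not fields[i].endswith("]"):
                i += 1
        if i + 1 < len(fields):
            stacks.setdefault(ptype, []).append(fields[i + 1])
    return stacks

def nss_sources(text):
    """Parse nsswitch.conf into {database: [source, ...]}, dropping [STATUS=action] items."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        if ":" in line:
            db, srcs = line.split(":", 1)
            dbs[db.strip()] = [s for s in srcs.split() if not s.startswith("[")]
    return dbs

def audit(pam_files, nsswitch_text):
    """Report where LDAP is reachable: per-service PAM stacks vs. global NSS lookups."""
    uses_ldap = sorted(
        svc for svc, text in pam_files.items()
        if any("pam_ldap" in m for mods in pam_modules(text).values() for m in mods)
    )
    return {
        "pam_ldap_services": uses_ldap,
        "services_without_pam_ldap": sorted(set(pam_files) - set(uses_ldap)),
        "nss_ldap_databases": sorted(
            db for db, srcs in nss_sources(nsswitch_text).items() if "ldap" in srcs
        ),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_PAM, SAMPLE_NSSWITCH).items():
        print(f"{key}: {value}")
```

On a live system, build the `pam_files` dictionary from the files under the PAM configuration directory and pass the contents of nsswitch.conf as the second argument.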