LDAP authentication confusion
Daniel Eischen
deischen at freebsd.org
Mon Jul 15 19:09:48 UTC 2013
On Mon, 15 Jul 2013, Michael Loftis wrote:
> nss_ldap fulfills most of the get*ent calls, thus based on the bits of
> your configuration you've exposed I think you're ending up with that
> behavior and not using pam_ldap at all. Instead the authentication is
> happening via nsswitch fulfilling getpwent() calls (the passwd: files
> ldap line in nsswitch.conf)
Ok, thanks. But shouldn't the documentation be changed
to reflect that?
> On Mon, Jul 15, 2013 at 11:51 AM, Daniel Eischen <deischen at freebsd.org> wrote:
>> There's an article on LDAP authentication on FreeBSD here:
>>
>> http://www.freebsd.org/doc/en/articles/ldap-auth/article.html#client
>>
>> I'm confused as to why pam_ldap and nss_ldap do not need
>> /etc/pam.d entries, as described in the above link in
>> section 3.1.1. Meaning, I do not have any ldap entries
>> in my /etc/pam.d/ or even /usr/local/etc/pam.d/ and
>> ldap logins work (console, ssh, telnet, ftp).
>>
>> $ grep -i ldap /etc/pam.d/*
>> $ grep -i ldap /usr/local/etc/pam.d/*
>>
>> What am I missing?
>>
>> $ uname -v
>> FreeBSD slrtr1 9.1-STABLE FreeBSD 9.1-STABLE #0 r250347...
>> $ uname -m
>> amd64
>> $ cat /etc/nsswitch.conf
>> group: files ldap
>> hosts: files dns
>> networks: files
>> passwd: files ldap
>> shells: files
>> services: files
>> protocols: files
>> rpc: files
--
DE
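
A check for the configuration discussed in this thread, as an added example that is not part of the original messages: it reports whether LDAP accounts are exposed through the `passwd:` line of nsswitch.conf while no active PAM line loads pam_ldap. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the sources listed for one nsswitch.conf database, comments stripped.
nss_sources() {            # $1 = database name, $2 = path to nsswitch.conf
    sed -e 's/#.*//' "$2" | awk -v db="$1:" '$1 == db { $1 = ""; print; exit }'
}

# Print every active (non-comment) PAM line that loads pam_ldap.
pam_ldap_lines() {         # $@ = pam.d directories to search
    for d in "$@"; do
        [ -d "$d" ] || continue
        grep -H -E '^[[:space:]]*[^#[:space:]].*pam_ldap' "$d"/* 2>/dev/null || :
    done
}

# Classify how LDAP accounts can be reaching the login path.
ldap_auth_path() {         # $1 = nsswitch.conf, remaining args = pam.d dirs
    conf=$1; shift
    case " $(nss_sources passwd "$conf") " in
        *" ldap "*) nss=yes ;;
        *)          nss=no ;;
    esac
    if pam_ldap_lines "$@" | grep -q .; then pam=yes; else pam=no; fi
    case "$nss/$pam" in
        yes/no)  echo "nss-only" ;;          # the setup reported in this thread
        yes/yes) echo "nss+pam_ldap" ;;
        no/yes)  echo "pam_ldap-without-nss" ;;
        *)       echo "no-ldap" ;;
    esac
}

# Constructed sample mirroring the thread: ldap in passwd:, no pam_ldap lines.
demo=$(mktemp -d)
mkdir "$demo/pam.d"
printf 'group: files ldap\npasswd: files ldap\nshells: files\n' > "$demo/nsswitch.conf"
printf '# auth sufficient pam_ldap.so (commented out)\nauth required pam_unix.so no_warn try_first_pass\n' \
    > "$demo/pam.d/sshd"
ldap_auth_path "$demo/nsswitch.conf" "$demo/pam.d"
rm -rf "$demo"
```

On a live host, call `ldap_auth_path /etc/nsswitch.conf /etc/pam.d /usr/local/etc/pam.d`, the same file and directories inspected in the thread.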