LDAP authentication confusion
Jan Bramkamp
crest at rlwinm.de
Mon Jul 15 21:19:05 UTC 2013
On 15.07.2013 21:51, Daniel Eischen wrote:
>
> Wouldn't it be easier just to edit /etc/nsswitch.conf
> anyway?
PAM and NSS switch are two different subsystems. NSS is just for
resource lookups (users, groups, hosts, ...). PAM is for access control.
With ldap in nsswitch.conf for users and groups you can lookup a LDAP
user but the user can't log into $service through PAM. This requires
pam_ldap.so in pam.d/$service.
More information about the freebsd-stable
mailing list