LDAP authentication confusion
Daniel Eischen
deischen at freebsd.org
Mon Jul 15 21:39:03 UTC 2013
On Mon, 15 Jul 2013, Jan Bramkamp wrote:
> On 15.07.2013 21:51, Daniel Eischen wrote:
>>
>> Wouldn't it be easier just to edit /etc/nsswitch.conf
>> anyway?
> PAM and NSS switch are two different subsystems. NSS is just for
> resource lookups (users, groups, hosts, ...). PAM is for access control.
>
> With ldap in nsswitch.conf for users and groups you can look up an LDAP
> user but the user can't log into $service through PAM. This requires
> pam_ldap.so in pam.d/$service.
Minor correction. "This requires the ldap PAM library (pam_ldap.so)
to be installed." No pam.d entries seem to be needed. None seem
to be necessary on Solaris 10 either.
--
DE
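
The thread separates NSS lookups (nsswitch.conf) from the PAM stack (pam.d/$service). The script below is an added example, not part of either poster's message: it reports, for a given nsswitch.conf and one pam.d-style service file, whether each subsystem references LDAP. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether NSS and PAM each reference LDAP.
# File contents used below are constructed samples, not from the thread.

# nss_uses_ldap FILE DB: succeed if "ldap" is a source for database DB.
nss_uses_ldap() {
    sed -e 's/#.*//' "$1" |
        awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") f = 1 }
                         END { exit (f ? 0 : 1) }'
}

# pam_uses_ldap FILE: succeed if an active rule in a pam.d-style file
# names the pam_ldap module. "include" lines are not followed.
pam_uses_ldap() {
    sed -e 's/#.*//' "$1" |
        awk '{ for (i = 3; i <= NF; i++)
                   if ($i ~ /(^|\/)pam_ldap(\.so)?(\.[0-9]+)?$/) f = 1 }
             END { exit (f ? 0 : 1) }'
}

# ldap_report NSSWITCH PAM_FILE: one-line summary of both subsystems.
ldap_report() {
    p=no; g=no; a=no
    if nss_uses_ldap "$1" passwd; then p=yes; fi
    if nss_uses_ldap "$1" group; then g=yes; fi
    if pam_uses_ldap "$2"; then a=yes; fi
    echo "nss_passwd=$p nss_group=$g pam=$a"
}

# Constructed sample: LDAP enabled for lookups, PAM stack without pam_ldap.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nsswitch.conf" <<'EOF'
group: files ldap
passwd: files ldap   # users resolved via LDAP
hosts: files dns
EOF
cat > "$demo_dir/sshd" <<'EOF'
auth      required    pam_unix.so   no_warn try_first_pass
#auth     sufficient  /usr/local/lib/pam_ldap.so no_warn
account   required    pam_unix.so
EOF
ldap_report "$demo_dir/nsswitch.conf" "$demo_dir/sshd"
rm -rf "$demo_dir"
```

Comparing this report with the result of an actual login test for an LDAP-only account shows which of the two configurations a given system relies on.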