Re: [lukeh@xedoc.com.au: new pam_ldap module]
Is there an example for usage?
(Linux redhat5.1, umich ldap3.3)
I'm getting a login: .. password: .. and LDAP password: prompt
BUT the pam module seems not to ask my ldap server :-(
What I did:
copied ldap.conf -> /etc/ldap.conf
#----------------------------------
host 127.0.0.1
port 389
# The distinguished name of the search base.
base o=axel,c=DE
# Filter to AND with uid=%s
#pam_filter objectclass=pamSecurityObject
pam_filter objectclass=useraccount
# The user ID attribute (defaults to uid)
#pam_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Use the V3 protocol to optimize searches
ldap_version 2
#----------------------------------
built my authentication objectclass (and put some content in it):
#----------------------------------
objectclass UserAccount
    requires
        objectClass,
        cn,
        uid,
        gid,
        userPassword,
        loginshell,
        homedirectory
    allows
        mail,
        description,
        seeAlso,
        telephoneNumber
#----------------------------------
put the pam_ldap.so module in /lib/security
and edited /etc/pam.d/login
.. I think here is one problem, I tried some things:
.. one example:
#----------------------------------
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
password required /lib/security/pam_ldap.so
session required /lib/security/pam_pwdb.so
#----------------------------------

Jared Mauch wrote:
>
> YAY! :)
>
> ----- Forwarded message from Luke Howard <lukeh@xedoc.com.au> -----
>
> We're pleased to announce the alpha release of our pam_ldap module,
> released under the GNU LGPL (although it is anticipated that it will be
> commercially supported).
>
> The advantages of this particular version are:
>
> o Support for changing passwords in LDAP
>
> o Support for the V3 client API and protocol (to minimize
> rebinds)
>
> o Support for Netscape's SSL API (not yet tested)
>
> o Compatibility with the nss_ldap configuration file format
>
> o Supports ypldapd LDAP locator for plug-and-play installation
>
> o Supports Netscape Directory Server password policies
>
> o Supports access authorization on the "host" attribute of the
> account objectclass
>
> The module builds under both Linux and Solaris although it has only been
> tested under Solaris 2.6.
>
> Where can I get it? For the moment:
>
> http://www.xedoc.com.au/~lukeh/ldap/pam_ldap.tar.gz
>
> Although it will soon be moving to a new location.
>
> Whilst I've got your attention, we've recently developed a GSS-API SASL
> plugin for Netscape's Directory Server and client library. Contact myself
> for further details.
>
> --
> Luke Howard
> PADL Software
> lukeh@padl.com
>
-----DPN--Deutsches-Provider-Network----Bremen--------
isb GmbH Axel Klatt
Internet-Service, Beratung axel@isb.net
Faulenstrasse 2-12, 28195 Bremen
--
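
The posted ldap.conf says pam_filter is ANDed with uid=%s. The following is an added example (not part of the original message and not pam_ldap's own code) that builds that search filter from the posted settings, so the same filter can be tried against the directory by hand. The function names and the RFC 2254 escaping of the login name are assumptions of this sketch.

```python
import re

# Settings as posted in the message above (explanatory comment lines trimmed).
LDAP_CONF = """\
host 127.0.0.1
port 389
base o=axel,c=DE
#pam_filter objectclass=pamSecurityObject
pam_filter objectclass=useraccount
#pam_attribute uid
ldap_version 2
"""


def parse_conf(text):
    """Parse 'keyword value' lines; blank lines and '#' lines are ignored."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip()
    return conf


def escape_filter_value(value):
    """Escape the RFC 2254 special characters so a login name cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def build_filter(conf, login):
    """AND pam_filter (when set) with <pam_attribute>=<login>."""
    attr = conf.get("pam_attribute", "uid")  # default stated in the posted file
    user_term = "(%s=%s)" % (attr, escape_filter_value(login))
    extra = conf.get("pam_filter")
    return "(&(%s)%s)" % (extra, user_term) if extra else user_term


if __name__ == "__main__":
    conf = parse_conf(LDAP_CONF)
    print("base:  ", conf["base"])
    print("filter:", build_filter(conf, "axel"))
```

If a search under the printed base with the printed filter returns no entry, the cause is in the directory data or the filter rather than in the PAM stack.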