Re: LDAP and PAM bind authentication

[Markus Benning <benning@erlm.siemens.de>]

Hi,

I'm setting up a LDAP Authentication server too.
Yes, binding with the user itself with having no passwd
in a local file will be a much better idea.
Does someone use such a configuration ?
May be only a few small changes in pam_ldap are needed.

Then its possible to let the user only see his self without
the need of a extra account wich can see all possible user
which can log into this machine.

On Tue, Aug 21, 2001 at 08:25:10PM -0400, Tony Sciortino wrote:
> I am running an openldap server that does not allow anonymous bind.
> I have a linux box that is using PAM to do authentication by
> sending reuests for authentication to this ldap server.
> The way it is working is, I bind as a generic user and password, then
> pam sends the search request for the user trying to authenticate,
> verifies password and allows the login.
> How can I make PAM work with LDAP to bind to the server as the person
> trying to authenticate?
> If the authnticate failes because the user put in the wrong password,
> fine, I need to get rid of this generic id and it is crazy to bind
> as one id then ask for auth for another when it seems it could be
> done in one step.
> 
> -Tony
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

-- 
Markus Benning

   .^.    .---------------------------------------.
   /V\    | Tel. : +49 9131 7 21713               |
 /(   )\  | Email: Markus.Benning@siemens.com     |
  ^^-^^   '---------------------------------------'
         Open Source is a philosophy not a price tag!