Re: tls, pam_ldap and /etc/passwd
I had the same problem and solved it on my own.
You have to compile slapd with --with-tls support.
But my problem was that pam_ldap looked at the wrong config file,
meaning /etc/ldap.conf instead of /etc/pam_ldap.conf.
Use the URI and the port addressing to get SSL working.
URI: ldaps://server.domain.ext
Port: 636
Also libnss-ldap and pam_ldap have to be compiled using ssl.
Then all works perfectly.
This is my /etc/pam.d/passwd file which works for me.
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass md5 shadow
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3
Rgds.
Franz
____________________________________________________
Franz Skale
mainwork information technology AG
IT-Services
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com
From: Christopher Walden <cmwalden@mythmade.com>
Sent by: owner-openldap-software@OpenLDAP.org
Date: 25.04.2002 16:46
To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
Cc:
Subject: tls, pam_ldap and /etc/passwd
Greetings.
I have been banging my head against a problem for a while now, and I could use a hand. Maybe you could help, or point me to help.
We have set up an openldap server running on RedHat Linux 7.2. I have created a database and have more than one system working fine using the pam_ldap modules. However, when I activate TLS, pam requires me to have a user to match the ldap user in the system's local /etc/passwd file. This rather defeats my goals for using LDAP in the first place.
Basically if TLS is off, then everything works OK, pulling non-local users from LDAP. If I turn TLS on, then LDAP will not authenticate unless there is a user in /etc/passwd.
It is entirely possible that this is performing as designed. I have been unable to find any definitive statements on this.
Anything you could point me to would be greatly appreciated.
Regards,
Christopher Walden
Austin, TX