
RE: Configuring Solaris 8 clients



On Thu, 27 Mar 2003, Matthew Mauzy wrote:

> > My guess is that anonymous cannot read userPassword attribute, or the
> > userPassword attribute is not of the {crypt}xxxxxxxxxxxxx form.
>
> Correct.  My userPassword attribute is {KERBEROS}principal@REALM
>

To my knowledge this will not work. I tried other hashes such as md5
and cleartext and none of them worked.  userPassword has to use the {crypt}
hash.

>
> I am now getting account info from LDAP.  Only problem is getting PAM
> stacked correctly to allow login via ssh/telnet/xdm for LDAP accounts.  I
> can su into the account, but logins fail to non-local accounts.
>

If you leave the default pam config, login pam_unix_auth will be used, which
in turn will consult nsswitch.  You can configure pam to use ldap directly;
check 'man pam_ldap'.  It is very simple.

-- 
Igor
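
Added example, not part of the original message: a Python check over an LDIF export that lists entries whose userPassword was not returned or is not in {crypt} form, the two conditions the thread names as breaking the default pam_unix path. The sample entries, DNs and function names are constructed for illustration.

```python
import base64
import re

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample export (not from the thread); all values are made up.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword: {crypt}abCONSTRUCTED1",
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword: {KERBEROS}bob@EXAMPLE.COM",
    "",
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "userPassword:: " + _b64("{CRYPT}cdCONSTRUCTED2"),  # base64 form
    "",
    "dn: uid=dave,ou=People,dc=example,dc=com",  # no userPassword returned
    "",
    "dn: uid=erin,ou=People,dc=example,dc=com",
    "userPassword:: " + _b64("secret"),  # no {scheme} prefix
])

def password_scheme(value):
    """Lower-cased {scheme} prefix, or 'cleartext' if there is none."""
    m = re.match(r"\{([^}]+)\}", value)
    return m.group(1).lower() if m else "cleartext"

def audit(ldif_text):
    """Map each DN lacking a {crypt} userPassword to the schemes it has.
    Empty list: attribute not returned. Folded LDIF lines are not handled."""
    problems = {}
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        dn, schemes = None, []
        for line in block.splitlines():
            name, _, rest = line.partition(":")
            if name.lower() == "dn":
                dn = rest.strip()
            elif name.lower() == "userpassword":
                raw = rest.strip()
                if rest.startswith(":"):  # "attr:: value" is base64
                    raw = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                schemes.append(password_scheme(raw))
        if dn is not None and "crypt" not in schemes:
            problems[dn] = schemes
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Run it against an export taken with the same bind the client uses (anonymous in this thread), so that an unreadable userPassword shows up as an empty list.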