Re: Using LDAP for authentication question
Alan,
Thanks...I just came across a web link that was describing this. It was
quite a good link actually.
Anyway, here is output from my authconfig file (in /etc/pam.d/ directory,
on RH 7.3)
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
I realize what I need to add:
#%PAM-1.0
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_ldap.so
password    required      /lib/security/pam_cracklib.so retry=3 minlen=4 \
                          dcredit=0 ucredit=0
password    sufficient    /lib/security/pam_unix.so nullok use_authtok \
                          md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so
I verified I have /lib/security/pam_ldap.so and I do.
So here is my question: From what I remember, you can use authconfig
utility to change the setting, correct?
But, you can also add in the correct lines into the file directly, if you
feel comfortable, correct?
Ok..let's say that I do that...now is there anything else I need to do?
Restart any services, edit config files etc.
Secondly, I have a root account that is local (default install) and a
root account that is in the LDAP accounts tree that is used to add my
users to the domain.
Will that pose a problem? Or will I just use the root account and
password in LDAP?
Lastly, if something goes wrong (and I hope it doesn't) what's the
quickest, fastest and easiest way to recover it?
I appreciate your help.
Jason
At 06:02 PM 8/14/2003 -0600, you wrote:
Jason Williams said:
> Can anyone lead me in the direction of what I will need to do to set up
> the box so I can use my account that is in LDAP, and allow me to SSH to
> the box? I don't want to create an additional user account on the
> server, but instead use the account that I have in LDAP.
Consider installing the nss_ldap package and running /usr/sbin/authconfig
to set up LDAP authentication.
-Alan
===========
Alan Sparks, UNIX/Linux Systems Administrator
<asparks@doublesparks.net>
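
Added example, not part of the original thread: a simplified Python model of how PAM walks the auth stack proposed in the message above, showing that a local account still authenticates through pam_unix.so when pam_ldap.so fails and that pam_deny.so rejects the request when both fail. The function names and the outcome dictionary are illustrative assumptions; only the classic control flags are modelled, not the bracketed [value=action] syntax.

```python
# Added example: simplified model of how PAM evaluates the auth stack.
# Only required/requisite/sufficient/optional are modelled, not [value=action].
PROPOSED = r"""
#%PAM-1.0
auth     required   /lib/security/pam_env.so
auth     sufficient /lib/security/pam_unix.so likeauth nullok
auth     sufficient /lib/security/pam_ldap.so use_first_pass
auth     required   /lib/security/pam_deny.so
password required   /lib/security/pam_cracklib.so retry=3 minlen=4 \
                    dcredit=0 ucredit=0
"""

def parse(text):
    """Return (type, control, module, args) tuples, joining '\\' continuations."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue
        mtype, control, path, *args = line.split()
        rules.append((mtype, control, path.rsplit("/", 1)[-1], args))
    return rules

def evaluate(rules, mtype, outcome):
    """outcome: module -> True/False; unlisted modules succeed, pam_deny.so always fails."""
    failed = positive = False
    for t, control, module, _ in rules:
        if t != mtype:
            continue
        ok = module != "pam_deny.so" and outcome.get(module, True)
        if control == "sufficient":
            if ok and not failed:
                return True          # stop here, later modules are not run
        elif control in ("required", "requisite"):
            if ok:
                positive = True
            else:
                failed = True
                if control == "requisite":
                    return False     # fail immediately
        # "optional" results are ignored when other modules decide the stack
    return positive and not failed

if __name__ == "__main__":
    rules = parse(PROPOSED)
    for name, o in [("local user", {"pam_unix.so": True}),
                    ("LDAP-only user", {"pam_unix.so": False, "pam_ldap.so": True}),
                    ("bad password", {"pam_unix.so": False, "pam_ldap.so": False})]:
        print(name, "->", "granted" if evaluate(rules, "auth", o) else "denied")
```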