
Re: nss_ldap error



Thanks, Tony. The main reason I wanted to avoid pam is b/c pam does not
seem to support SASL from what I have read, and I need the pam libraries
to force a SASL auth request since my ldap server passes authentication
to a radius server. Putting radius credentials on each ssh client is
not feasible, which is why I want to go the ldap route.

Any workarounds for that, do you see?

Thanks again,
adam

On Sat, 2003-12-06 at 18:16, Tony Earnshaw wrote:
> fre, 05.12.2003 kl. 21.03 skrev Adam Denenberg:
> 
> > redhat 8 is my OS.
> > 
> > nsswitch.conf: 
> > passwd:     files ldap
> > shadow:     files ldap
> > group:      files ldap
> > 
> > 
> > Here is some output, maybe you can shed some light. I do have openssh
> > built with pam, but I am not using pam since I was hoping to just use
> > nss libs and have the builtin nss libs query ldap using SASL which would
> > in turn query RADIUS for authentication. Am I missing something?
> 
> You are missing something ;) The fact that you can't ssh in has
> *nothing* to do with nss, *everything* to do with pam.
> 
> Though you might want to dreadfully, you cannot ignore pam - it's used
> for everything to do with the Unix (yes, I know you're using Linux) side
> of things (like login, passwd, ssh, su, gdm etc). nss is for the
> Openldap-client side of things.
> 
> Also, the indexing of your db seems to be utterly missing.
> 
> So, read up all you can on pam and how to index your db.
> 
> --Tonni