
Thread: How do PAM and LDAP like each other?

  1. #1
    Join Date
    Mar 2008
    Beans
    119
    Distro
    Ubuntu

    How do PAM and LDAP like each other?

    Hi Everyone,

    I am doing a project for school.

    I have to design a password policy and implement it using Linux.

    I am using LDAP for the configuration of network accessible authentication.

    How do PAM and LDAP work together? If I make changes in /etc/login.defs but then configure OpenLDAP with a different setting, which one wins? Or does using OpenLDAP make it so that the settings in /etc/login.defs are only processed for local users?

    Thanks in advance.
    0----------------{PawnRocket}----------------0

  2. #2
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    11,485
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: How do PAM and LDAP like each other?

    As far as I know, if pam_ldap is the default authentication module, then that is what will be tried first. You need to look at the contents of /etc/pam.d, especially the common-auth and common-password files. By default they use pam_unix which authenticates against /etc/passwd and /etc/shadow.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.


  3. #3
    Join Date
    Mar 2008
    Beans
    119
    Distro
    Ubuntu

    Re: How do PAM and LDAP like each other?

    Thanks, I'll look into that.
    0----------------{PawnRocket}----------------0

  4. #4
    Join Date
    Nov 2008
    Location
    S.H.I.E.L.D. 6-1-6
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: How do PAM and LDAP like each other?

    Generally, it works something like this:

    PAM functionality is defined by modules (*.so libraries) that are loaded. LDAP functionality is provided through pam_ldap.so.

    When the user logs in, or does anything that requires PAM, the system looks up the corresponding PAM file (there are ones for login, proftpd, pureftpd, etc.), and auths using the libraries listed there. If you have the LDAP library loaded, it either looks into pam_ldap.conf (this is for Fedora; the settings are placed elsewhere in other distros) for the information used to access the LDAP server (i.e. bind password, address) or, in some configurations, this is done through the nslcd backend (/etc/nslcd.conf) instead. The nslcd method uses libpam-ldapd (the same backend as NSS (libnss-ldapd)), while the older method uses libpam-ldap.

    This explanation is a bit simplified (no explanation of the auth required / account required, etc.), but it should suffice.
    Don't waste your energy trying to change opinions ... Do your thing, and don't care if they like it.
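
The replies above say the order of modules in /etc/pam.d/common-auth decides which backend is tried first. The following is an added example, not part of any post in the thread: it parses a constructed sample stack and walks it under a simplified model of the control flags. The function names `parse_stack` and `walk` and the sample stack contents are assumptions made for illustration.

```python
import re

# Constructed sample modelled on a Debian/Ubuntu common-auth that stacks both modules.
SAMPLE_COMMON_AUTH = """\
auth  [success=2 default=ignore]  pam_unix.so nullok_secure
auth  [success=1 default=ignore]  pam_ldap.so use_first_pass
auth  requisite                   pam_deny.so
auth  required                    pam_permit.so
"""

LINE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
JUMP_RE = re.compile(r"\[success=(\d+) default=ignore\]")


def parse_stack(text, mgmt_type="auth"):
    """Return [(control, module, args)] for one management group, in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; blank lines fail the match
        m = LINE_RE.match(line)
        if m and m.group(1).lstrip("-") == mgmt_type:
            control, module, args = m.group(2), m.group(3), m.group(4).split()
            entries.append((control, module.rsplit("/", 1)[-1], args))
    return entries


def walk(entries, succeeds):
    """Simplified model of one pass through the stack.

    Understands only [success=N default=ignore], requisite and required.
    `succeeds` is the set of modules that accept the credentials; pam_permit.so
    always accepts and pam_deny.so never does. Returns (modules_run, verdict).
    """
    succeeds = set(succeeds) | {"pam_permit.so"}
    succeeds.discard("pam_deny.so")
    ran, verdict, i = [], None, 0
    while i < len(entries):
        control, module, _ = entries[i]
        ran.append(module)
        passed = module in succeeds
        i += 1
        jump = JUMP_RE.fullmatch(control)
        if jump:
            if passed:
                i += int(jump.group(1))  # skip the next N lines on success
        elif control == "requisite" and not passed:
            return ran, False            # a requisite failure ends the stack at once
        elif control in ("required", "requisite"):
            verdict = passed if verdict is None else (verdict and passed)
    return ran, bool(verdict)
```

With this sample stack a local account never touches the directory, while a directory-only account is checked against the local files first and then against LDAP. To inspect a real system, pass the contents of the file to `parse_stack`; `@include` lines are not followed.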
