PAM + LDAP auth without local accounts ?
Forget Yann (CHA)
yann.forget at etat.ge.ch
Tue Mar 23 10:28:38 UTC 2004
Hi,
I got the solution.
--
OSS consultant
Centre des Technologies de l'Information
Etat de Genève
82 rue des Acacias
1227 Carouge (GE)
Tél. +41-22-325 11 62
> I have Linux stations using Novell NDS / eDirectory for
> authentication.
> Works fine so far if I have local accounts in /etc/passwd (password
> deactivated in /etc/shadow).
> What is the necessary config for logging in *without* a local account in
> /etc/passwd?
> /etc/ldap.conf
I added the uNIXHomeDirectory attribute in eDirectory and in /etc/ldap.conf:
nss_map_attribute homeDirectory uNIXHomeDirectory
> ===========================
> /etc/pam.d/login
>
> session required pam_limits.so
>
> session required pam_mount.so use_first_pass
> auth required pam_mount.so use_first_pass
This should be:
session optional pam_mkhomedir.so skel=/etc/skel umask=0022
session optional pam_mount.so use_first_pass
auth optional pam_mount.so use_first_pass
> ===============
> /etc/security/pam_mount.conf
> volume * ncp novell_name_of_server usr/cti/& /home/& \
> ipserver=unix_name_of_server,user=&.novell_context,uid=&,gid=users - -
To allow symlinks, this should be:
volume * ncp novell_name_of_server usr/cti/& /home/& \
ipserver=unix_name_of_server,user=&.novell_context,uid=&,gid=users,strong,symlinks,nfsextras - -
Yann
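The nss_map_attribute line in the reply is what lets nss_ldap find a home directory on an eDirectory object that stores it under uNIXHomeDirectory. The simulation below is added here and is not code from the original post: it rebuilds the passwd entry for a constructed directory object with and without that mapping, and flags map lines whose left-hand name is not an attribute nss_ldap reads (such a line is accepted but never consulted, which is the assumption this check rests on).

```python
"""Simulate how nss_ldap assembles a passwd(5) line from a directory object,
honouring nss_map_attribute lines from /etc/ldap.conf.  Added illustration,
not code from the original post; the directory object below is constructed."""

# RFC 2307 posixAccount attributes nss_ldap reads for the passwd map.
# homeDirectory is a MUST attribute of posixAccount, so it is treated as required.
PASSWD_ATTRS = ("uid", "uidNumber", "gidNumber", "gecos", "homeDirectory", "loginShell")
REQUIRED = ("uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed eDirectory object: the POSIX home is stored in uNIXHomeDirectory,
# not in the homeDirectory attribute nss_ldap looks for by default.
EDIR_USER = {"uid": "alice", "uidNumber": "1001", "gidNumber": "100",
             "uNIXHomeDirectory": "/home/alice", "loginShell": "/bin/bash"}


def parse_attribute_map(ldap_conf: str) -> dict:
    """Return {rfc2307_name: directory_attribute} after applying map lines."""
    mapping = {attr: attr for attr in PASSWD_ATTRS}
    for line in ldap_conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "nss_map_attribute":
            mapping[parts[1]] = parts[2]
    return mapping


def unknown_map_keys(ldap_conf: str) -> list:
    """Left-hand names that are not attributes nss_ldap looks up (typo check):
    assumed to be accepted but never consulted, so the mapping silently does nothing."""
    return [k for k in parse_attribute_map(ldap_conf) if k not in PASSWD_ATTRS]


def build_passwd_entry(entry: dict, mapping: dict):
    """Return 'name:x:uid:gid:gecos:home:shell', or None if a required field is absent."""
    values = {name: entry.get(mapping[name]) for name in PASSWD_ATTRS}
    if any(values[name] is None for name in REQUIRED):
        return None
    gecos = values["gecos"] or ""
    shell = values["loginShell"] or ""  # passwd(5): an empty shell field means /bin/sh
    return (f"{values['uid']}:x:{values['uidNumber']}:{values['gidNumber']}:"
            f"{gecos}:{values['homeDirectory']}:{shell}")


def demo():
    """Same object, without and with the mapping from the post."""
    without = build_passwd_entry(EDIR_USER, parse_attribute_map(""))
    with_map = build_passwd_entry(
        EDIR_USER, parse_attribute_map("nss_map_attribute homeDirectory uNIXHomeDirectory"))
    return without, with_map


if __name__ == "__main__":
    print(demo())
```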