PAM + LDAP auth without local accounts ?
Forget Yann (CHA)
yann.forget at etat.ge.ch
Fri Mar 12 13:24:21 UTC 2004
Hi,

I have Linux stations using Novell NDS / eDirectory for authentication.
Works fine so far if I have local accounts in /etc/passwd (password
deactivated in /etc/shadow).

What is the necessary config for logging in *without* a local account in
/etc/passwd?

I also use pam_mount and it works fine.

/etc/nsswitch.conf
passwd: ldap files
shadow: ldap files
group: ldap files
============================
/etc/security/pam_mount.conf
debug 1
mkmountpoint 1
lsof /usr/bin/lsof
options_require nosuid,nodev
luserconf .pam_mount.conf
smbmount /bin/mount -t smbfs
ncpmount /bin/mount -t ncpfs
umount /bin/umount
lclmount /bin/mount -p0
volume * ncp novell_name_of_server usr/cti/& /home/& ipserver=unix_name_of_server,user=&.novell_context,uid=&,gid=users - -
============================
/etc/ldap.conf
host mialplacidus
base ou=cti,ou=aca82,ou=d,o=nhp
ldap_version 3
port 636
pam_password crypt
sslpath /etc/ssl/certs/cert7.db
nss_base_passwd <context>
nss_base_shadow <context>
nss_base_group <context>
ssl on
tls_cacertdir /etc/ssl/certs
===========================
/etc/security/pam_unix2.conf
auth: use_ldap nullok
account: use_ldap
password: use_ldap nullok
session: none
===========================
/etc/pam.d/login
#%PAM-1.0
auth requisite pam_unix2.so nullok
auth required pam_securetty.so
auth required pam_nologin.so
#auth required pam_homecheck.so
auth required pam_env.so
auth required pam_mail.so
account required pam_unix2.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_unix2.so none # debug or trace
session required pam_limits.so
session required pam_mount.so use_first_pass
auth required pam_mount.so use_first_pass
===========================
Thanks,
Yann
--
OSS consultant
Centre des Technologies de l'Information
Etat de Genève
82 rue des Acacias
1227 Carouge (GE)
Tél. +41-22-325 11 62