pam/nss

Thorsten Kukuk kukuk at suse.de
Wed Sep 21 13:54:40 UTC 2005


On Wed, Sep 21, Sir Alec wrote:

> Dear Experts,
>  
> I successfully set up an ldap server and some clients can 
> authenticate.
> What I am wondering about is the pam setup:
> I thought that the pam_unix2 module does the usual getXbyY calls using 
> glibc/nss. But unless I specify the pam_ldap module in the pam config. 
> I cannot log in.
>  
> Is there a document describing the layout?

NSS handles getting the struct passwd entry, PAM handles the
authentication. pam_unix2 cannot authenticate LDAP users, since
the NSS plugin for LDAP does not return crypted passwords. So
for this you need the pam_ldap module.

  Thorsten

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk at suse.de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B




More information about the Pam-list mailing list