pam/nss
Thorsten Kukuk
kukuk at suse.de
Wed Sep 21 13:54:40 UTC 2005
On Wed, Sep 21, Sir Alec wrote:
> Dear Experts,
>
> I successfully set up an ldap server and some clients can
> authenticate.
> What I am wondering about is the pam setup:
> I thought that the pam_unix2 module does the usual getXbyY calls using
> glibc/nss. But unless I specify the pam_ldap module in the pam config.
> I cannot log in.
>
> Is there a document describing the layout?
NSS handles getting the struct passwd entry, PAM handles the
authentication. pam_unix2 cannot authenticate LDAP users, since
the NSS plugin for LDAP does not return crypted passwords. So
for this you need the pam_ldap module.
Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk at suse.de
SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
More information about the Pam-list
mailing list