FW: ppolicy in openldap
Aaron Bliss
abliss at brockport.edu
Tue Jan 13 17:14:56 UTC 2009
Running authconfig should take care of most, if not all of the necessary
config files...You may also find this wiki page on fds helpful:
http://directory.fedoraproject.org/wiki/Howto:PAM
Aaron
-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
On Behalf Of m.roth2006 at rcn.com
Sent: Tuesday, January 13, 2009 12:04 PM
To: General Red Hat Linux discussion list
Subject: RE: FW: ppolicy in openldap
John,
---- Original message ----
>Date: Tue, 13 Jan 2009 10:04:24 -0600
>From: "Allgood, John" <jallgood at ohl.com>
>
>Thanks for the response.
np
>
>I found some rpms for the newer version of ldap from here
>http://staff.telkomsa.net/packages/rhel5/openldap and I just installed
>them. Looks like a lot of changes in this version. We are trying to
>implement and single signon system for our services and thought ldap
>would be a good choice. You mentioned using PAM with ldap can you
>provide me with a little more on that.
Right. *sigh* Wish I'd sent a copy of my instructions that I documented to
myself before I left my last contract.
<Digs into memory>
First, you need to edit nsswitch for passwd and shadow, at least, to point
to ldap then files.
Then you need to edit (or create) an /etc/pam_ldap.conf
There also needs to be an ldap.conf, to point to the openldap server. This
may, or may not, be in /etc/openldap.
Finally, you need to edit /etc/pam.d/system-auth, and insert
for auth, and account (I think, and password, and *maybe* session, before
the line for pam_unix.so, one for pam_ldap.so
I think that's what you need. I don't guarantee I haven't missed
something....
mark
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list