[KLUG Members] user sign on to authenticate against LDAP?
Adam Williams
members@kalamazoolinux.org
Thu, 27 Sep 2001 16:47:22 -0400 (EDT)
>We have LDAP installed and are converting all systems to authenticate
>against it. Can anyone provide documentation or instructions such that when
>a person telnets into a linux box or ftps into the box, the authentication
>is done by LDAP?
/etc/pam.d/system-auth:
-----------------------
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_deny.so
password sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
On RH7.x this will make LDAP a default auth method. You may not want
this; you should be able to do the same thing to individual services.
--
-----------------------------------------------------------
Ximian GNOME, Evolution, LTSP, and RedHat Linux + LVM & XFS
-----------------------------------------------------------
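
Added example (not part of the original message): a simplified Python model of how Linux-PAM walks the auth lines of the system-auth file above, showing which module decides a login and which modules carry the nullok option. The module outcomes are constructed inputs, and the model covers only the required/requisite/sufficient/optional control flags, not full PAM behaviour.

```python
# Added example: simplified model of Linux-PAM control flags (not full PAM).
AUTH_STACK = """\
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
"""

def parse(text):
    """Return (type, control, module, args) for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mtype, control, path, *args = line.split()
            rules.append((mtype, control, path.rsplit("/", 1)[-1], args))
    return rules

def evaluate(rules, results):
    """results maps module name -> True/False (constructed outcomes).
    Returns (allowed, module that decided the outcome)."""
    failed_required, succeeded, last = None, False, None
    for _mtype, control, module, _args in rules:
        ok = results.get(module, False)
        last = module
        if control == "requisite" and not ok:
            return False, module          # fail immediately
        if control == "required" and not ok:
            failed_required = failed_required or module
        elif control == "sufficient" and ok and failed_required is None:
            return True, module           # stop here, later modules never run
        elif control in ("required", "requisite", "optional") and ok:
            succeeded = True
        # a failed sufficient or optional module is ignored
    if failed_required:
        return False, failed_required
    return succeeded, last

def modules_with(rules, option):
    """Modules carrying a given option, e.g. nullok (empty passwords accepted)."""
    return [m for _t, _c, m, args in rules if option in args]

if __name__ == "__main__":
    rules = parse(AUTH_STACK)
    cases = {  # constructed module outcomes
        "local password ok": {"pam_env.so": True, "pam_unix.so": True},
        "LDAP password ok": {"pam_env.so": True, "pam_ldap.so": True},
        "wrong password": {"pam_env.so": True},
    }
    for name, results in cases.items():
        print(name, "->", evaluate(rules, results))
    print("nullok on:", modules_with(rules, "nullok"))
```

Because pam_unix.so is listed before pam_ldap.so and both are sufficient, a matching local account is accepted without LDAP being consulted, and pam_deny.so is reached only when both have failed.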