On 11/8/18 9:12 PM, Rick Moen wrote: > Redirecting back on-list. > > Quoting wirelessd...@gmail.com (wirelessd...@gmail.com): [snip] >> So my next question is, whats the recommended package to authenticate >> with LDAP and allow users to login to a desktop via their LDAP >> account? I've seen various options for PAM and NSS, but do I need to >> configure both or just one? [snip] > I remember that you very much needed a PAM hook, because you're > introducing a new and preferred authentication method for shell login. > Offhand, I can't remember exactly _how_ NSS is part of this picture > (being about name services, e.g., names of hosts), but NSS and PAM > are pretty intertwined. [snip] If you are using keys for authentication then you would not need PAM, I think. Using the AuthorizedKeysCommand directive to make an LDAP query and retrieve the public key ought to be enough.
There is an example in this README file: https://github.com/reyk/ldapclient Apologies for using a Github link. /Lars _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng