Jason Morgan wrote:
> On 2008.07.17 10:09:18, [EMAIL PROTECTED] wrote:
>> I am wanting to make sure that I have this correct. Using Pam/NSS/LDAP
>> and Samba, I need to make the following file:
>>
>> /etc/pam.d/ldap
>>
>> which should contain:
>>
>> login auth sufficient /usr/local/lib/pam_ldap.so
>>
>> Is that all I have to add to the file? I will also need to uncomment
>> the sshd line in the '/etc/pam.d/other' or else put that line in a new
>> file that is named 'sshd', if I want to use ssh.
>>
>> I am still trying to get a hold of all of this and want to make sure
>> that I am doing things correctly.
>
> I had this exact question/problem when setting LDAP authentication up
> for the first time last week. The man pages don't seem all that clear,
> to me at least, and the pam documentation is vague, when you can find
> it. Anyway, below are the settings I used to get SSH authentication
> working. The settings work, but I don't claim they are "correct".
>
> $ cat /etc/nsswitch.conf
> group: files ldap
> group_compat: nis
> hosts: files dns
> passwd: files ldap
> passwd_compat: nis
> services: compat
> services_compat: nis
> shells: files ldap
>
> $ cat /etc/pam.d/sshd
> # auth
> #auth sufficient pam_opie.so no_warn no_fake_prompts
> #auth requisite pam_opieaccess.so no_warn allow_local
> #auth sufficient pam_krb5.so no_warn try_first_pass
> #auth sufficient pam_ssh.so no_warn try_first_pass
> auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
> auth required pam_unix.so no_warn try_first_pass
>
> I believe, if I read the documentation correctly, you want to add
>
> auth sufficient /usr/local/lib/pam_ldap.so
>
> to /etc/pam.d/login. That should instruct pam to check ldap at
> login. Hopefully, people who really know what they are doing will
> respond.
>
> HTH a bit,
>
I found a great article on how to configure PAM. I believe this may be one of the best ones that I have read yet. It explained things very well I thought. You probably have to be registered for linux-mag if you want to read it, but that is free.

This is a very good article. It explained the system-auth file also, which is used in Linux, but I don't think that FreeBSD uses that. I was wondering exactly what it did until I read this article.

Part I is here http://www.linux-mag.com/id/2105/
Part II is here http://www.linux-mag.com/id/2153

--
Scott Mayo - System Administrator
Bloomfield Schools
PH: 573-568-5669 FA: 573-568-4565

Question: Because it reverses the logical flow of conversation.
Answer: Why is putting a reply at the top of the message frowned upon?
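
Added example, not part of either message or of any PAM implementation: a simplified Python model of how the `auth` lines in the quoted /etc/pam.d/sshd are evaluated, showing that a successful `sufficient` pam_ldap.so ends the chain before pam_unix.so runs, while an LDAP failure falls through to the local password check. The function names are hypothetical, and only the `required`, `requisite` and `sufficient` control flags are modelled.

```python
# Constructed copy of auth lines from the /etc/pam.d/sshd quoted in the thread.
SSHD_PAM = """\
# auth
#auth sufficient pam_krb5.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
"""

def parse_stack(text, facility="auth"):
    """Return [(control, module_name)] for one facility, skipping comments."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcomes):
    """Simplified model (assumption): required/requisite/sufficient only.
    outcomes maps module name -> True (succeeds) or False (fails).
    Returns (granted, modules_actually_run)."""
    failed = False
    succeeded = False
    ran = []
    for control, module in stack:
        if control not in ("required", "requisite", "sufficient"):
            raise ValueError(f"control flag not modelled: {control}")
        ran.append(module)
        if outcomes[module]:
            succeeded = True
            if control == "sufficient" and not failed:
                break  # chain stops here with success
        elif control == "required":
            failed = True  # later modules still run, result stays failure
        elif control == "requisite":
            failed = True
            break  # chain stops here with failure
        # a failed "sufficient" module is not fatal; later modules decide
    return (succeeded and not failed), ran

if __name__ == "__main__":
    stack = parse_stack(SSHD_PAM)
    for ldap_ok in (True, False):
        for unix_ok in (True, False):
            res = evaluate(stack, {"pam_ldap.so": ldap_ok, "pam_unix.so": unix_ok})
            print(f"ldap={ldap_ok!s:5} unix={unix_ok!s:5} -> {res}")
```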