Quoth Jan Bramkamp <[email protected]>: > On 15.07.2013 21:51, Daniel Eischen wrote: > > > > Wouldn't it be easier just to edit /etc/nsswitch.conf > > anyway? > PAM and NSS switch are two different subsystems. NSS is just for > resource lookups (users, groups, hosts, ...). PAM is for access control. > > With ldap in nsswitch.conf for users and groups you can lookup a LDAP > user but the user can't log into $service through PAM. This requires > pam_ldap.so in pam.d/$service.
The default pam_unix.so calls getpwent, so if nss_ldap returns cryptable passwords in its result I think pam_unix can authenticate against those. This is not the same as authenticating by LDAP bind, but may end up accepting the same passwords. Ben _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[email protected]"
