Patrick Proniewski <[email protected]> writes: > Hello, > > I'm absolute beginner with OAth, I've installed the freebsd package > few hours ago, and started playing and google immediately. > > I have a bunch of Linux/FreeBSD servers that are bound to a LDAP > server for sysadmin and users authentication, using pam_ldap. I would > like to add a layer of security on top of that with pam_oath, but I'm > pretty sure it won't be that easy, as I have not found a single > example of such a configuration. > > Is it possible to authenticate on a server through pam_ldap (non-local > users) with the added security of pam_oath?
Hi. Sorry for slow response. No, not to my knowledge. A lot of PAM modules include LDAP support natively to adress this use-case. It is similar for validating the password-part, libpam-oath takes over this role and does it poorly. If someone know how to configure PAM to acomplish something better, please share. I suppose that supporting LDAP directly in the PAM module is ineviteble, even though I don't look forward to maintaining that code. /Simon
signature.asc
Description: PGP signature
