On Fri, 29 Jan 2010, Jay Sorg wrote:
> > Good day!
> > Can sesman hold authorization in LDAP?
> > If this option is that where it is configured?
> >
> > Best regards Dm.
>
> Although I never tested it, it should work.
> sesman uses pam so as long as the
> /etc/pam.d/sesman
> file is configured right, it should work.

Use cvs version of xrdp, because there is an error in 0.4.1 release that
breaks pam ldap authentication. If you need 0.4.1, apply this patch:
http://cvs.pld-linux.org/cgi-bin/cvsweb/packages/xrdp/xrdp-signals.patch?rev=1.1
It fixes this error (at least works for me with pam ldap).

There is an example of pam configuration for ldap authentication. Note
that you will also have to configure NSS to use LDAP.

#%PAM-1.0
auth            required        pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
auth            required        pam_env.so
auth            required        pam_tally.so deny=0 file=/var/log/faillog onerr=succeed
auth            sufficient      pam_unix.so try_first_pass
auth            sufficient      pam_ldap.so use_first_pass
auth            required        pam_deny.so

account         required        pam_tally.so file=/var/log/faillog onerr=succeed
account         required        pam_time.so
account         required        pam_unix.so
account         sufficient      pam_localuser.so
account         [default=bad success=ok user_unknown=ignore] pam_ldap.so
account         required        pam_permit.so

password        required        pam_cracklib.so try_first_pass difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password        sufficient      pam_unix.so try_first_pass blowfish shadow use_authtok
password        sufficient      pam_ldap.so use_authtok
password        required        pam_deny.so

session         optional        pam_keyinit.so revoke
session         required        pam_limits.so change_uid
session         [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session         required        pam_unix.so
session         optional        pam_ldap.so
session         optional        pam_mkhomedir.so skel=/etc/skel umask=022

Jay: there are a lot of questions regarding LDAP authentication on this
list. Is there an xrdp wiki or something where I can write a howto on
configuring xrdp with pam+ldap? I know that authn/authz happens in
pam/nss, but such a howto may help users.

-- 
Regards,
Paweł Zuzelski

_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
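
Added example, not part of the original message and not xrdp or Linux-PAM code: a small Python model of how the `required` / `sufficient` keywords in the auth lines of the configuration above combine, useful for checking that a blacklisted user is still denied when pam_ldap accepts the password. The module outcomes passed in `failing` are assumptions supplied by the caller; nothing here talks to PAM or LDAP.

```python
# Constructed copy of the "auth" lines from the PAM example in the message above.
AUTH_STACK = """\
auth required   pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
auth required   pam_env.so
auth required   pam_tally.so deny=0 file=/var/log/faillog onerr=succeed
auth sufficient pam_unix.so try_first_pass
auth sufficient pam_ldap.so use_first_pass
auth required   pam_deny.so
"""

def parse_stack(text, mgmt="auth"):
    """Return [(control, module)] for one management group, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, failing):
    """Walk the stack using the simple control keywords only.

    `failing` is the set of modules assumed to return an error; every other
    module is assumed to succeed, except pam_deny.so, which always fails.
    Returns (granted, module_that_decided).
    """
    first_required_failure = None
    for control, module in stack:
        ok = module != "pam_deny.so" and module not in failing
        if control == "requisite" and not ok:
            return False, first_required_failure or module
        if control == "required" and not ok and first_required_failure is None:
            first_required_failure = module      # remembered, stack continues
        if control == "sufficient" and ok and first_required_failure is None:
            return True, module                  # short-circuits the rest
        # a failing "sufficient" and any "optional" result are ignored here
    if first_required_failure:
        return False, first_required_failure
    return True, None

if __name__ == "__main__":
    stack = parse_stack(AUTH_STACK)
    for label, failing in [("local user", set()),
                           ("LDAP-only user", {"pam_unix.so"}),
                           ("bad password", {"pam_unix.so", "pam_ldap.so"}),
                           ("blacklisted, valid LDAP password", {"pam_listfile.so", "pam_unix.so"})]:
        print(f"{label:35s} -> {evaluate(stack, failing)}")
```

The bracketed `[value=action]` controls used in the account and session lines are outside what this model handles.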