Everything else? You mean besides ssh? Well.. I'm definitely not an expert in PAM nor Ldap. I've been working hard core with it the last month and learned a great deal (we're implementing ldap for single source sign on). We plan on using it for much more including Apache authentication, address book management and so on. Other services such as login seem to work fine with ldap setup this way. I haven't tried many beyond login, ssh and apache (with ldap authentication). Something I'm unhappy about ldap and authentication is a lack of flexability. When ldap is unavailable then local files are not queried. It's really weird. I have my nsswitch.conf setup to check local files first then ldap. You would think I can still login with local user accounts regardless of my ldap status. Nope. Someone in the redhat list mentioned it was a bug with nss_ldap. ::sigh:: To resolve this problem I'm setting up 3 ldap servers :-) Just in case. Otherwise I'm thrilled over our solution. Now if we could only resolve the pam_mkhomedir problem with ssh running privsep :-) One thing at a time ::grinz:: Quoting Justin Zygmont <jzygmont@solarflow.dyndns.org>: > oh, that. what about everything else though, there are examples from > the > nss-ldap package but I noticed some of them don't even work. Time to > read > up on pam:) > > > On Mon, 24 Feb 2003, sentinel wrote: > > > I have an ldap server and clients running redhat 8.0. Authconfig > modified > > the pam files when I enabled ldap authentication. Actually it didn't > modify > > sshd however system-auth was modified with the ldap entries. > > > > > > > > Quoting Justin Zygmont <jzygmont@solarflow.dyndns.org>: > > > > > not the pam files. > > > _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
