PAM + LDAP auth without local accounts ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I have Linux stations using Novell NDS / eDirectory for authentification.
Works fine so far if I have local accounts in /etc/passwd (password
desactivited in /etc/shadow).
What is the necessary config for logging *without* a local account in
/etc/passwd?

I also use pam_mount and it works fine.

/etc/nsswitch.conf

passwd:	ldap files
shadow:	ldap files
group:	ldap files

============================
/etc/security/pam_mount.conf

debug 1
mkmountpoint 1
lsof /usr/bin/lsof

options_require	nosuid,nodev

luserconf .pam_mount.conf

smbmount /bin/mount -t smbfs
ncpmount /bin/mount -t ncpfs
umount   /bin/umount
lclmount /bin/mount -p0

volume * ncp novell_name_of_server usr/cti/& /home/&
ipserver=unix_name_of_server,user=&.novell_context,uid=&,gid=users - - 
============================

/etc/ldap.conf

host	mialplacidus
base	ou=cti,ou=aca82,ou=d,o=nhp
ldap_version	3

port 636
pam_password	crypt
sslpath /etc/ssl/certs/cert7.db

nss_base_passwd	<context>
nss_base_shadow	<context>
nss_base_group	<context>
ssl on

tls_cacertdir /etc/ssl/certs
===========================

/etc/security/pam_unix2.conf

auth:	use_ldap nullok
account:	use_ldap
password:	use_ldap nullok
session:	none
===========================

/etc/pam.d/login

#%PAM-1.0
auth   	requisite	pam_unix2.so		nullok
auth	 	required	pam_securetty.so
auth   	required    pam_nologin.so
#auth	 	required	pam_homecheck.so
auth   	required    pam_env.so
auth	 	required	pam_mail.so
account  	required    pam_unix2.so
password 	required	pam_pwcheck.so		nullok
password 	required    pam_unix2.so		nullok
use_first_pass use_authtok
session  	required    pam_unix2.so		none # debug or
trace
session  	required    pam_limits.so

session   	required  	pam_mount.so use_first_pass
auth      	required  	pam_mount.so use_first_pass
===========================


Thanks,
Yann

--
OSS consultant
Centre des Technologies de l'Information
Etat de Genève
82 rue des Acacias
1227 Carouge (GE)
Tél. +41-22-325 11 62


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux