Running authconfig should take care of most, if not all of the necessary config files...You may also find this wiki page on fds helpful: http://directory.fedoraproject.org/wiki/Howto:PAM Aaron -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth2006@xxxxxxx Sent: Tuesday, January 13, 2009 12:04 PM To: General Red Hat Linux discussion list Subject: RE: FW: ppolicy in openldap John, ---- Original message ---- >Date: Tue, 13 Jan 2009 10:04:24 -0600 >From: "Allgood, John" <jallgood@xxxxxxx> > >Thanks for the response. np > >I found some rpms for the newer version of ldap from here >http://staff.telkomsa.net/packages/rhel5/openldap and I just installed >them. Looks like a lot of changes in this version. We are trying to >implement and single signon system for our services and thought ldap >would be a good choice. You mentioned using PAM with ldap can you >provide me with a little more on that. Right. *sigh* Wish I'd sent a copy of my instructions that I documented to myself before I left my last contract. <Digs into memory> First, you need to edit nsswitch for passwd and shadow, at least, to point to ldap then files. Then you need to edit (or create) an /etc/pam_ldap.conf There also needs to be an ldap.conf, to point to the openldap server. This may, or may not, be in /etc/openldap. Finally, you need to edit /etc/pam.d/system-auth, and insert for auth, and account (I think, and password, and *maybe* session, before the line for pam_unix.so, one for pam_ldap.so I think that's what you need. I don't guarantee I haven't missed something.... mark -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
