From owner-freebsd-stable@FreeBSD.ORG Mon Jul 15 21:19:05 2013
Message-ID: <51E46747.7070705@rlwinm.de>
Date: Mon, 15 Jul 2013 23:19:03 +0200
From: Jan Bramkamp
To: freebsd-stable@freebsd.org
Subject: Re: LDAP authentication confusion
References: <1373915752.13754.140661255962197.3CA2BD96@webmail.messagingengine.com>
List-Id: Production branch of FreeBSD source code

On 15.07.2013 21:51, Daniel Eischen wrote:
>
> Wouldn't it be easier just to edit /etc/nsswitch.conf
> anyway?

PAM and NSS switch are two different subsystems. NSS is just for resource
lookups (users, groups, hosts, ...). PAM is for access control. With ldap in
nsswitch.conf for users and groups you can look up an LDAP user but the user
can't log into $service through PAM. This requires pam_ldap.so in
pam.d/$service.
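
The NSS/PAM split described in the reply can be checked per service. The script below is an added example, not part of the original mail: it reports whether LDAP users are only resolvable through NSS or can also authenticate through PAM. The function names, the sample files and the pam_ldap.so path and options are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original mail. Function names are hypothetical;
# the sample files are constructed. Checks only direct "auth" lines: PAM
# "include" directives are not followed.

# nss_uses_ldap FILE DB: true if database DB (e.g. passwd) lists "ldap".
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# pam_uses_ldap FILE: true if an active auth line loads pam_ldap.so.
pam_uses_ldap() {
    awk '
        { sub(/#.*/, "") }
        $1 == "auth" && $3 ~ /(^|\/)pam_ldap\.so$/ { found = 1 }
        END { exit !found }' "$1"
}

# check_service NSSWITCH PAMFILE: print which of the two layers know LDAP.
check_service() {
    if ! nss_uses_ldap "$1" passwd; then
        echo "no-ldap-lookup"       # LDAP users are not even resolvable
    elif pam_uses_ldap "$2"; then
        echo "lookup-and-login"     # NSS resolves them, PAM authenticates them
    else
        echo "lookup-only"          # the situation described in the reply
    fi
}

# make_samples DIR: write constructed config files for the demo.
make_samples() {
    printf 'group: files ldap\npasswd: files ldap\nhosts: files dns\n' \
        > "$1/nsswitch.conf"
    printf 'auth required pam_unix.so no_warn try_first_pass\n' \
        > "$1/sshd.before"
    # Module path and options are assumed; adjust to the installed pam_ldap.
    { printf 'auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass\n'
      cat "$1/sshd.before"; } > "$1/sshd.after"
}

d=$(mktemp -d) && make_samples "$d"
check_service "$d/nsswitch.conf" "$d/sshd.before"   # prints lookup-only
check_service "$d/nsswitch.conf" "$d/sshd.after"    # prints lookup-and-login
rm -rf "$d"
```

On a live system, pass /etc/nsswitch.conf and the relevant file under pam.d as the two arguments to check_service.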