Date: Mon, 15 Jul 2013 15:09:47 -0400 (EDT)
From: Daniel Eischen <deischen@freebsd.org>
To: Michael Loftis <mloftis@wgops.com>
Cc: freebsd-stable <freebsd-stable@freebsd.org>
Subject: Re: LDAP authentication confusion
Message-ID: <Pine.GSO.4.64.1307151507130.8901@sea.ntplx.net>
In-Reply-To: <CAHDg04v8xV-yaCXDzSbOzWEvHRMhDy8x0A=B2eho4iK4b1UuJA@mail.gmail.com>
References: <Pine.GSO.4.64.1307151438370.8901@sea.ntplx.net> <CAHDg04v8xV-yaCXDzSbOzWEvHRMhDy8x0A=B2eho4iK4b1UuJA@mail.gmail.com>

On Mon, 15 Jul 2013, Michael Loftis wrote:

> nss_ldap fulfills most of the get*ent calls, thus based on the bits of
> your configuration you've exposed I think you're ending up with that
> behavior and not using pam_ldap at all. Instead the authentication is
> happening via nsswitch fulfilling getpwent() calls (the passwd: files
> ldap line in nsswitch.conf)

Ok, thanks. But shouldn't the documentation be changed to
reflect that?

> On Mon, Jul 15, 2013 at 11:51 AM, Daniel Eischen <deischen@freebsd.org> wrote:
>> There's an article on LDAP authentication on FreeBSD here:
>>
>> http://www.freebsd.org/doc/en/articles/ldap-auth/article.html#client
>>
>> I'm confused as to why pam_ldap and nss_ldap do not need
>> /etc/pam.d entries, as described in the above link in
>> section 3.1.1. Meaning, I do not have any ldap entries
>> in my /etc/pam.d/ or even /usr/local/etc/pam.d/ and
>> ldap logins work (console, ssh, telnet, ftp).
>>
>> $ grep -i ldap /etc/pam.d/*
>> $ grep -i ldap /usr/local/etc/pam.d/*
>>
>> What am I missing?
>>
>> $ uname -v
>> FreeBSD slrtr1 9.1-STABLE FreeBSD 9.1-STABLE #0 r250347...
>> $ uname -m
>> amd64
>> $ cat /etc/nsswitch.conf
>> group: files ldap
>> hosts: files dns
>> networks: files
>> passwd: files ldap
>> shells: files
>> services: files
>> protocols: files
>> rpc: files

--
DE
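
The check the thread does by hand (reading nsswitch.conf and grepping the PAM directories) can be scripted to show which path a host is on. This is an added example, not part of the original messages or of FreeBSD's tooling; the function names and the result labels are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not FreeBSD tooling.

# Print the sources listed for one nsswitch database, one per line,
# ignoring comments and [STATUS=action] criteria.
nss_sources() {            # $1 = nsswitch.conf path, $2 = database
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
        awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) print $i }'
}

# Succeed if a non-comment line in any given PAM directory loads pam_ldap.
pam_uses_ldap() {          # args = PAM service directories
    for dir in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            grep -v '^[[:space:]]*#' "$f" | grep -q 'pam_ldap' && return 0
        done
    done
    return 1
}

# Classify how LDAP accounts can be authenticated on this host.
ldap_auth_path() {         # $1 = nsswitch.conf, rest = PAM directories
    conf=$1; shift
    nss=no; pam=no
    if nss_sources "$conf" passwd | grep -qx 'ldap'; then nss=yes; fi
    if pam_uses_ldap "$@"; then pam=yes; fi
    case "$nss/$pam" in
        yes/no)  echo "nss-only" ;;             # the case in this thread
        yes/yes) echo "nss+pam_ldap" ;;
        no/yes)  echo "pam_ldap-without-nss" ;;
        *)       echo "no-ldap" ;;
    esac
}

# Constructed sample files: the passwd/group lines quoted in the thread and
# one PAM service file whose only pam_ldap line is commented out.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/pam.d"
    printf '%s\n' 'group: files ldap' 'passwd: files ldap' > "$tmp/nsswitch.conf"
    printf '%s\n' '#auth sufficient pam_ldap.so' 'auth required pam_unix.so' \
        > "$tmp/pam.d/sshd"
    ldap_auth_path "$tmp/nsswitch.conf" "$tmp/pam.d"
    rm -rf "$tmp"
}
demo
```

On a real host the call would be `ldap_auth_path /etc/nsswitch.conf /etc/pam.d /usr/local/etc/pam.d`. A result of `nss-only` means no PAM module binds to the directory, so password logins depend on the password field that NSS returns for the account, which is worth knowing when deciding who may read `userPassword` on the LDAP server.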