:: Re: [DNG] Implementing directory se…
Top Page
Delete this message
Reply to this message
Author: Lars Noodén
Date:  
To: dng
Subject: Re: [DNG] Implementing directory services/Kerberos
On 11/8/18 9:12 PM, Rick Moen wrote:
> Redirecting back on-list.
>
> Quoting wirelessduck@??? (wirelessduck@???):

[snip]
>> So my next question is, whats the recommended package to authenticate
>> with LDAP and allow users to login to a desktop via their LDAP
>> account? I've seen various options for PAM and NSS, but do I need to
>> configure both or just one?

[snip]
> I remember that you very much needed a PAM hook, because you're
> introducing a new and preferred authentication method for shell login.
> Offhand, I can't remember exactly _how_ NSS is part of this picture
> (being about name services, e.g., names of hosts), but NSS and PAM
> are pretty intertwined.

[snip]
If you are using keys for authentication then you would not need PAM, I
think. Using the AuthorizedKeysCommand directive to make an LDAP query
and retrieve the public key ought to be enough.

There is an example in this README file:

https://github.com/reyk/ldapclient

Apologies for using a Github link.

/Lars