On 11/8/18 9:12 PM, Rick Moen wrote:
> Redirecting back on-list.
>
> Quoting wirelessduck@??? (wirelessduck@???):
[snip]
>> So my next question is, what's the recommended package to authenticate
>> with LDAP and allow users to log in to a desktop via their LDAP
>> account? I've seen various options for PAM and NSS, but do I need to
>> configure both or just one?
[snip]
> I remember that you very much needed a PAM hook, because you're
> introducing a new and preferred authentication method for shell login.
> Offhand, I can't remember exactly _how_ NSS is part of this picture
> (being about name services, e.g., names of hosts), but NSS and PAM
> are pretty intertwined.
[snip]
If you are using keys for authentication then you would not need PAM, I
think. Using the AuthorizedKeysCommand directive to make an LDAP query
and retrieve the public key ought to be enough.
There is an example in this README file:
https://github.com/reyk/ldapclient
Apologies for using a GitHub link.
/Lars
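
An added illustration of the approach described in the message above, not part of the message and not taken from the ldapclient README: a helper script that sshd could run through AuthorizedKeysCommand. The OpenLDAP ldapsearch client, the sshPublicKey attribute, the server URI, the base DN and the install path are all assumptions.

```sh
#!/bin/sh
# Added example: helper for sshd's AuthorizedKeysCommand (not from the thread).
# Assumed sshd_config lines (the script path is hypothetical):
#   AuthorizedKeysCommand /usr/local/bin/ldap-authkeys
#   AuthorizedKeysCommandUser nobody
# With no arguments configured, sshd passes the target username as $1.
# sshd requires the script to be owned by root and not writable by group/other.
LC_ALL=C; export LC_ALL

# Assumed directory details. Use ldaps:// (or StartTLS): anyone who can forge
# the LDAP reply can hand sshd a key of their choosing.
LDAP_URI=${LDAP_URI:-ldaps://ldap.example.org}
LDAP_BASE=${LDAP_BASE:-ou=people,dc=example,dc=org}

# The name goes into an LDAP filter, so accept only plain account names and
# reject filter metacharacters such as * ( ) \ outright.
valid_username() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read LDIF on stdin, print one key per line. "attr:: value" marks a
# base64-encoded value, used when LDIF cannot carry the value as plain
# text (for example a trailing space or newline).
extract_keys() {
    while IFS= read -r line; do
        case "$line" in
            'sshPublicKey:: '*)
                printf '%s\n' "${line#sshPublicKey:: }" | base64 -d; echo ;;
            'sshPublicKey: '*)
                printf '%s\n' "${line#sshPublicKey: }" ;;
        esac
    done
}

# Anonymous simple bind (-x) is an assumption. Any failure yields no output,
# so sshd gets no keys from LDAP and falls back to AuthorizedKeysFile.
lookup_keys() {
    valid_username "$1" || return 1
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" sshPublicKey | extract_keys
}

[ "$#" -eq 0 ] || lookup_keys "$1"
```

If LDAP is meant to be the only source of keys, also set AuthorizedKeysFile to none in sshd_config so stale local files are not consulted.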