Author: Héctor González
Date:  
To: dng
Subject: Re: [DNG] Implementing directory services/Kerberos

>> Quoting wirelessduck@??? (wirelessduck@???):
> [snip]
>>> So my next question is, what's the recommended package to authenticate
>>> with LDAP and allow users to login to a desktop via their LDAP
>>> account? I've seen various options for PAM and NSS, but do I need to
>>> configure both or just one?
> [snip]


You can use libpam-ldap for this, it handles the authentication part.
NSS is used to "populate" your passwd and group files from ldap, if you
need it. Your users will work with just the PAM part, but it's easier
to use NSS so you can change permissions using usernames instead of
UIDs.

A "getent passwd user" will require libnss-ldap (and a working
/etc/libnss-ldap.conf, which should be autogenerated).

If you choose to use nscd, you should replace the suggested-size passwd
option with a sufficient size for your expected amount of users. The
manual says it is a hash table, so it should be a prime number bigger
than double the amount of expected users (hint: the primes package from
bsdgames can find primes for you).

nscd acts as a cache for nss calls so you don't flood your ldap server
with queries.

There is also nslcd, which I remember using with samba-ad, as nscd
didn't like that ldap for some reason, and it has a different config
file, /etc/nslcd.conf.

I'd use nscd first, and if you run into trouble try nslcd.

--
Hector Gonzalez
cacho@???
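
The sizing rule for nscd's suggested-size described in the message above, as an added example that is not part of the original post: a shell check that reads the configured value from an nscd.conf-style file and compares it with the smallest prime above twice the expected user count. The function names and the sample config are constructed for illustration; it assumes the `suggested-size <service> <value>` line syntax of nscd.conf.

```shell
#!/bin/sh
# Added example (not from the original post): audit nscd's suggested-size
# against the rule above: a prime larger than twice the expected user count.

# is_prime N: succeed if N is prime (trial division is enough for table sizes).
is_prime() {
    n=$1; d=2
    [ "$n" -ge 2 ] || return 1
    while [ $((d * d)) -le "$n" ]; do
        [ $((n % d)) -ne 0 ] || return 1
        d=$((d + 1))
    done
}

# recommended_size USERS: smallest prime strictly greater than 2*USERS.
recommended_size() {
    c=$(( $1 * 2 + 1 ))
    until is_prime "$c"; do c=$((c + 1)); done
    echo "$c"
}

# configured_size FILE SERVICE: last active "suggested-size SERVICE N" value.
# Commented-out lines never match because their first field starts with '#'.
configured_size() {
    awk -v svc="$2" '$1 == "suggested-size" && $2 == svc && $3 ~ /^[0-9]+$/ { v = $3 }
        END { if (v != "") print v }' "$1"
}

# check_nscd_size FILE SERVICE USERS: print a verdict, return 0 only if OK.
check_nscd_size() {
    cur=$(configured_size "$1" "$2"); want=$(recommended_size "$3")
    if [ -z "$cur" ]; then
        echo "$2: no suggested-size set, use $want"; return 2
    fi
    if [ "$cur" -gt $(( $3 * 2 )) ] && is_prime "$cur"; then
        echo "$2: suggested-size $cur is fine for $3 users"; return 0
    fi
    echo "$2: suggested-size $cur is too small or not prime, use $want"; return 1
}

# Constructed sample config, written to a temp file so the check runs offline.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'enable-cache passwd yes' \
    '#suggested-size passwd 1009' 'suggested-size passwd 211' > "$sample"
check_nscd_size "$sample" passwd 100            # 211 > 200 and prime
check_nscd_size "$sample" passwd 500 || true    # 211 < 1000, suggests 1009
rm -f "$sample"
```

On a real host, point `check_nscd_size` at /etc/nscd.conf and pass the number of accounts you expect the directory to serve.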