On Saturday 22 October 2011 17:58:56 DJ Lucas wrote:
> # Begin /etc/pam.d/system-auth
> 
> auth      sufficient  pam_ldap.so
> auth      required    pam_unix.so     use_first_pass
> 
> # End /etc/pam.d/system-auth
> 
> In the example above, pam_ldap was checked first, it provided the
> passing vote so to speak, in this case the success auth token is passed
> to the required pam_unix module. The use_first_pass directive to
> pam_unix allows it to use the information obtained from the previous
> module in its own evaluation of the requirement. A simple example, but
> one that works for the system I was speaking about last night. If pam_ldap
> fails to auth, then using sufficient allows pam_unix to ignore the
> previous one and fall back to /etc files (shadow).
> 
> I hope I explained that well enough, though I'm sure the terminology is
> incorrect. It is spelled out a lot better in the link provided in the
> book for the System Administrator's guide (which unfortunately was on
> kernel.org). Here is a copy of it:
> http://debian.securedservers.com/kernel/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html
> While I'm not familiar with SmartCard login, if there
> is a method to get that info into the system via nss and auth via PAM (or
> any other nss combination you can dream up be it in LDAP or otherwise),
> then you would use a similar technique to get the PAM info from the
> smartcard module to pam_unix and thus meet the required auth.
> 
> The above reads horribly and my terminology is probably wrong...I'm
> sorry about that, but I have to leave again and am out of time for
> today. I hope that gets you going in the right direction. The
> administrator's guide is really what you need to fully understand it.
> I'll try and look it up myself when I have a little more time to spare
> and give you a more technically correct answer with proper terms and
> maybe some additional suggestions.
> 
> -- DJ Lucas

##########
This excerpt:
{{ Edit /etc/default/slapd and allow the LDAP service to listen for IPC 
connections (i.e. Unix domain sockets) by adding this line to the end of the 
file: 
SLAPD_SERVICES="ldap:/// ldapi:///"  }}

and this one:
{{ Edit /etc/default/slapd and uncomment a line near the end of the file that 
will export the location of the Kerberos system keytab file as a variable: 
export KRB5_KTNAME=/etc/krb5.keytab   }}

come from this link:
http://www.rjsystems.nl/en/2100-kerberos-openldap-provider.php

It is for a Debian system, and I checked on the BLFS setup I am using and
there is an /etc/defaults directory but no /etc/default/slapd.

The question is:
Is /etc/default/slapd important, as described in the excerpts? And if so,
what are the contents/properties of this file?

Advice would be much appreciated.

sincerely

lux-integ
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
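
What the Debian file in the two excerpts amounts to, as an added example that is not part of the original message, the linked guide or the BLFS book: on Debian, /etc/default/slapd is a shell fragment that the slapd init script sources, and SLAPD_SERVICES becomes slapd's `-h` listener list. The function names and the /usr/sbin/slapd path are assumptions, and the sample file is constructed from the two quoted lines.

```shell
#!/bin/sh
# Added example. The sample file below is constructed; it holds only the two
# lines quoted in the excerpts. A Debian-style defaults file is plain shell.
write_sample_defaults() {
    cat > "$1" <<'EOF'
# constructed sample of /etc/default/slapd
SLAPD_SERVICES="ldap:/// ldapi:///"
export KRB5_KTNAME=/etc/krb5.keytab
EOF
}

# The file is sourced by a root-run script, so refuse one that group or
# others can write to. Returns 0 when the permissions are acceptable.
defaults_file_safe() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Source the file in a subshell, the way an init script would, and print the
# slapd start command it amounts to. With no file, slapd's defaults apply.
# Assumption: slapd is installed as /usr/sbin/slapd.
slapd_command() {
    (
        unset SLAPD_SERVICES KRB5_KTNAME
        case $1 in */*) f=$1 ;; *) f=./$1 ;; esac
        if [ -f "$f" ]; then
            defaults_file_safe "$f" || { echo "unsafe: $f" >&2; exit 1; }
            . "$f"
        fi
        cmd=/usr/sbin/slapd
        if [ -n "${SLAPD_SERVICES:-}" ]; then
            cmd="$cmd -h \"$SLAPD_SERVICES\""
        fi
        if [ -n "${KRB5_KTNAME:-}" ]; then
            cmd="KRB5_KTNAME=$KRB5_KTNAME $cmd"
        fi
        printf '%s\n' "$cmd"
    )
}

# Demo on the constructed sample.
demo=$(mktemp) && write_sample_defaults "$demo" && slapd_command "$demo"
rm -f "$demo"
```

On a system without the Debian init script, the same effect comes from starting slapd with that `-h` argument and with KRB5_KTNAME exported in the environment of whatever script launches it.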
