On Mon, 15 Jul 2013, Michael Loftis wrote:
nss_ldap fulfills most of the get*ent calls, thus based on the bits of
your configuration you've exposed I think you're ending up with that
behavior and not using pam_ldap at all. Instead the authentication is
happening via nsswitch fulfilling getpwent() call's (the passwd: files
ldap line in nsswitch.conf)
Ok, thanks. But shouldn't the documentation be changed
to reflect that?
On Mon, Jul 15, 2013 at 11:51 AM, Daniel Eischen <deisc...@freebsd.org> wrote:
There's an article on LDAP authentication on FreeBSD here:
http://www.freebsd.org/doc/en/articles/ldap-auth/article.html#client
I'm confused as to why pam_ldap and nss_ldap do not need
/etc/pam.d entries, as described in the above link in
section 3.1.1. Meaning, I do not have any ldap entries
in my /etc/pam.d/ or even /usr/local/etc/pam.d/ and
ldap logins work (console, ssh, telnet, ftp).
$ grep -i ldap /etc/pam.d/*
$ grep -i ldap /usr/local/etc/pam.d/*
What am I missing?
$ uname -v
FreeBSD slrtr1 9.1-STABLE FreeBSD 9.1-STABLE #0 r250347...
$ uname -m
amd64
$ cat /etc/nsswitch.conf
group: files ldap
hosts: files dns
networks: files
passwd: files ldap
shells: files
services: files
protocols: files
rpc: files
--
DE
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
