Hosting Provided By

Re: PAM + LDAP and SSH

From: Martin Marcher <martin.marcher(at)gmail.com>
Date: Tue Aug 07 2007 - 04:46:12 EDT

Hello,

On 8/1/07, Bhasker C V <bhasker@unixindia.com> wrote:
> If you do not want LDAP based authentication then you can
> edit the nsswitch.conf file (passwd and shadow) to
> point to appropriate values ? like files, yp
> for local and NIS auth only.

the problem with that is that you then don't have any information about the users available.

If you need to have "getent passwd" list the users in your ldap and don't want them to be able to login just don't mess around with pam, and stick with libnss-ldap only.

If, on the other hand you need some users to be able to login a pam_filter is apropriate since you can easily use the host or authorizedService attribute (or any other attribute for that matter) to check account validity for a certain box/host.

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Tue Aug 7 04:46:30 2007

This message: [ Message body ]
Next message: Mathias Brodala: "Re: Virtual Machines/Emulators"
Previous message: x3n: "Re: How to force update second DNS server"
Maybe in reply to: Allan Senna Porto: "PAM + LDAP and SSH"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 18:53:45 EDT