Pam unix vs. pam ldap
From Brandonhutchinson.com
Revision as of 21:22, 14 December 2007
pam_unix
- The userPassword attribute must be non-null
- The proxy agent (e.g., cn=proxyagent,ou=profile,dc=example,dc=com) must have read and search privileges for the userPassword attribute; i.e., ldaplist -l passwd will return all password hashes, similar to ypcat passwd in a NIS environment
- Requires passwords to be stored in {crypt} format on the LDAP server
pam_ldap
- The proxy agent (e.g., cn=proxyagent,ou=profile,dc=example,dc=com) does not need read and search privileges for the userPassword attribute
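To check which of the two situations above a directory is actually in, the following added example (not part of the original page) audits LDIF captured from a search bound as the proxy agent and reports, per entry, whether userPassword was returned and under which storage scheme. The sample entries, placeholder hash strings and function names are constructed for illustration.

```python
import base64
import re

# Constructed sample: what a search bound as the proxy agent might return.
# The hash strings are placeholders, not real hashes.
_B64 = base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    "userPassword: {crypt}constructed-not-a-real-hash\n"
    "\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\n"
    "userPassword:: " + _B64 + "\n"
    "\n"
    "dn: uid=carol,ou=people,dc=example,dc=com\n"
    "uid: carol\n"
)

def parse_ldif(text):
    """Yield (dn, attrs) per entry; handles folded lines and base64 '::' values."""
    unfolded = re.sub(r"\n ", "", text)  # LDIF continuation: newline + one space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # 'attr:: <base64>'
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def audit(text):
    """Return {dn: finding}; the hash itself is never echoed."""
    findings = {}
    for dn, attrs in parse_ldif(text):
        values = attrs.get("userpassword", [])
        if not values:
            findings[dn] = "not readable (or null)"
            continue
        m = re.match(r"\{([^}]+)\}", values[0])
        findings[dn] = "hash exposed, scheme=" + (m.group(1).lower() if m else "none")
    return findings

if __name__ == "__main__":
    for dn, finding in audit(SAMPLE_LDIF).items():
        print(dn, "->", finding)
```

For pam_unix, every account needs "hash exposed, scheme=crypt"; for pam_ldap, any "hash exposed" line means the proxy agent has more access than that module requires.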
$ ssh user@host
$ Password:
What happens next?
