Pam unix vs. pam ldap

From Brandonhutchinson.com

Revision as of 21:21, 14 December 2007 by Hutch (Talk | contribs)

(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)

Jump to: navigation, search

pam_unix

The userPassword attribute must be non-null
The proxy agent (e.g., cn=proxyagent,ou=profile,dc=example,dc=com) must have read and search privileges for the userPassword attribute; i.e., ldaplist -l passwd will return all password hashes, similar to ypcat passwd in a NIS environment
Requires passwords to be stored in {crypt} format on the LDAP server

pam_ldap

The proxy agent (e.g., cn=proxyagent,ou=profile,dc=example,dc=com) does not need read and search privileges for the userPassword attribute

$ ssh user@host
$ Password:

What happens next?

Retrieved from "http://brandonhutchinson.com/wiki/Pam_unix_vs._pam_ldap"

Views

Personal tools

Log in / create account

Search

Toolbox