> On Wed, Feb 16, 2000 at 12:58:11PM -0000, Kenn Humborg mentioned:
> > This reminds me... I must take the time to submit my
> > PAM hack to the OpenLDAP people.
>> Why, what didn't pam_ldap do for you ?
Other way around. Entries under ou=Personnel, o=Blue
Tree Systems, c=IE have a uid attribute that is set to their
network username and a UsePAMAuth attribute set to True.
Then whenever an LDAP client tries to bind to the
directory as, say, cn=Kenn Humborg, ou=Personnel,
o=Blue Tree Systems, c=IE, my patch checks for the
UsePAMAuth attribute. If this is True, the it fires
up PAM, sets application name to slapd, username to
the uid attribute value and password to the client-supplied
password, and asks PAM to authenticate
PAM then goes and does its thing, as directed by
/etc/pam.d/slapd. In my case, this uses pam_smb to
check the username and password against an NT domain
controller.
Kenn
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
