Hello, I am new to this group & subject. I have some query on pam_ldap, nss_ldap I downloaded the latest openpam-20120526, openldap-2.4.35, pam_ldap-186, nss_ldap-265 (from PADL.com) I want to enable PAM with authentication from remote LDAP server. I am not clear of minimum package requirement, full flow, configurations and whether some deamon is involved.
From README of pam_ldap-186:
Here are some possible deployment scenarios: o pam_ldap with account information in /etc flat files, kept manually in sync with LDAP o pam_ldap with account information in LDAP, using nss_ldap o pam_ldap with account information in NIS, using ypldapd It looks like PAM is coupled with NSS. For “pam_ldap” to work with LDAP, nss_ldap is needed. On Ubuntu synaptic also, I found that both pam_ldap, nss_ldap packages have to be installed or removed together. I browsed the source code of pam_ldap and it was directly using openldap APIs. Did not find pam_ldap directly using nss_ldap APIs. I want PAM LDAP functionality, without NSS, unless nss_ldap is mandated by pam_ldap. Is pam_ldap using nss_ldap at runtime? Is some deamon like nslcd or nscd created by nss_ldap to serve NSS LDAP requests? Is the deamon needed? Can the PAM LDAP functionality work without nss_ldap or deamon nslcd? Also which package or deamon reads nsswitch.conf? Opennss? How is the flow from pam_ldap to nss_ldap? Is the below flow correct? openpam -> pam.d -> pam_ldap -> nss_ldap -> nslcd -> nsswitch.conf -> openldap -> ldap.conf Can we remove nss_ldap or kill nslcd and make pam_ldap work with openldap? Please let me know if some information is not clear. Thank you very much in advance, Krishna -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org