Dashboard > Penrose 1.2 > ... > Naming Service for Linux > PAM LDAP
Penrose 1.2
PAM LDAP
Added by Endi S. Dewata, last edited by Endi S. Dewata on Jun 06, 2007  (view change)
Labels: 
(None)


Introduction

Penrose can be used as the authentication service for Linux using PAM LDAP (pam_ldap). See Naming Service for Linux.

Installing PAM LDAP

Some system comes with PAM LDAP installed already. On Red Hat it's part of the nss_ldap package. If your system doesn't have it already, you need to download and install the binaries.

Debian:

apt-get install libpam-ldap

Alternatively, you can build from the source code:

./configure
make
make install

Configuring PAM LDAP

You can use configure PAM manually by editing /etc/pam.d/system-auth or use the authconfig tool. Here is an example of PAM configuration.

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so

References
Site running on a free Atlassian Confluence Open Source Project License granted to Safehaus. Evaluate Confluence today.
Powered by Atlassian Confluence, the Enterprise Wiki. (Version: 2.5.4 Build:#809 Jun 12, 2007) - Bug/feature request - Contact Administrators