Satya's blog - LDAP/Kerberos login with local accounts

Sep 27 2009 15:56	LDAP/Kerberos login with local accounts	[link]

Suppose your organization uses LDAP authorization, and maybe kerberos, and you have a Debian-based box with PAM (Pluggable Authentication Modules). Then, in /etc/pam.d/, you need:

# /etc/pam.d/common-auth :
auth    sufficient      pam_unix.so nullok_secure
auth    sufficient      pam_krb5.so use_first_pass
auth required pam_deny.so

# /etc/pam.d/common-password :
password   required   pam_unix.so nullok obscure min=8 max=16 md5

# /etc/pam.d/common-session :
session required        pam_unix.so

Only the pam_krb5 line is required, the rest are provided for completeness.

Tag: geeky sysadmin

RSS feed
Livejournal

Up one level
Tree view
Blog main page
Tags
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012