
ldap authentication


##### CentOS 5.5

$ less /etc/ldap.conf
# Client-side settings read by both pam_ldap and nss_ldap on CentOS 5.
# Base DN for every search.
suffix          "dc=chaosophia,dc=net"
# Seconds to wait for a search result, and for the bind to complete.
timelimit 5
bind_timelimit 5
# LDAP over TLS on the ldaps port; pairs with "ssl yes" at the bottom.
uri ldaps://ldap.chaosophia.net/
# Password changes go through the LDAP Password Modify extended operation
# rather than rewriting the userPassword attribute directly.
pam_password exop
# Only entries carrying objectclass posixAccount may authenticate; the
# login name is matched against the uid attribute.
pam_filter objectclass=posixAccount
pam_login_attribute uid
# Search bases for the NSS passwd / shadow / group maps.
nss_base_passwd ou=people,dc=chaosophia,dc=net
nss_base_shadow ou=people,dc=chaosophia,dc=net
nss_base_group  ou=groups,dc=chaosophia,dc=net
# NOTE(review): "allow" proceeds even when the server presents no
# certificate or one that cannot be verified, so the TLS session is
# encrypted but the server's identity is not checked -- a spoofed LDAP
# server would be trusted for authentication decisions. Prefer
# TLS_REQCERT demand together with TLS_CACERTFILE or TLS_CACERTDIR
# pointing at the CA that signed the server certificate.
TLS_REQCERT     allow
ssl yes
$ less /etc/nsswitch.conf
# Local files are consulted first; the ldap source is only queried for
# names that /etc/passwd, /etc/shadow and /etc/group do not resolve.
passwd:     files ldap
shadow:     files ldap
group:      files ldap
$ less /etc/pam.d/system-auth-ac
# The three pam_ldap lines are presumably the hand-added ones (their
# column alignment differs from the generated lines); each sits after
# pam_unix so local accounts are tried before LDAP.
#
# auth: pam_unix is tried first (nullok lets an account with an empty
# password field authenticate); on failure the same password is retried
# against LDAP via use_first_pass. Anything still unauthenticated reaches
# pam_deny; system accounts (uid < 500) are cut off earlier by the
# requisite pam_succeed_if.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_ldap.so use_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

# account: pam_unix is "required", so its verdict still counts for LDAP
# users even when pam_ldap succeeds. NOTE(review): whether pam_unix passes
# for a user with no local shadow entry depends on what nss_ldap returns
# for the shadow map -- confirm with a test login.
account     required      pam_unix.so
account    sufficient   pam_ldap.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

# password: cracklib checks strength first; the new password is then
# stored by pam_unix (local) or pam_ldap (LDAP), and pam_deny rejects the
# change if neither module accepted it.
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
password   sufficient   pam_ldap.so use_first_pass
password    required      pam_deny.so

# session: the [success=1 default=ignore] line skips the pam_unix session
# step for the crond service; pam_ldap is "optional" so a failure there
# never blocks a login.
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session    optional     pam_ldap.so


