Differences between version 16 and predecessor to the previous major change of LDAPAuthentication.
Newer page: | version 16 | Last edited on Wednesday, January 14, 2004 12:59:21 pm | by PerryLorier |
Older page: | version 13 | Last edited on Tuesday, January 13, 2004 2:17:55 pm | by AlbanBrowaeys |
@@ -31,8 +31,9 @@
MAY rfc822MailMember
)
Seemed to work for me, or at least, it stopped the migration script from barfing halfway through.
+
Update: /etc/ldap/schema/rfc822.schema is a substract of /etc/ldap/schema/misc.schema . You can either use rfc822.schema as shown above or add:
include /etc/ldap/schema/misc.schema
atop the /etc/ldap/slapd.conf file. Then restart slapd.
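Review bot: The Update paragraph in this hunk calls rfc822.schema "a substract of" misc.schema, which leaves the relationship between the two files unclear; if the meaning is that rfc822.schema is a subset of misc.schema, say so. The text offers them as alternatives ("either use rfc822.schema as shown above or add"), so state outright that only one of the two should be included in slapd.conf, and set the "include /etc/ldap/schema/misc.schema" line apart as a literal config line so it is not read as part of the sentence.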
@@ -146,13 +147,9 @@
Configuring clients to authentication off your [LDAP] server is pretty easy. Just run authconfig and select LDAP where nessessary and enter in your server settings. It is advisable to enable TLS as without it passwords are sent over your network in clear text.
The only "tweak" I made was to edit /etc/pam_ldap.conf to have the "pam_password" attribute set to "exop". In my experiementation I could only get the "clear", "crypt", and "exop" pam_password methods working. MD5 always failed. I think it might have had something to do with the way OpenLDAP & GQ were interacting when setting passwords encoded with MD5 tho. You might have better luck. Anyway when you use "pam_password exop" and then use passwd(1) to set your passwords in the LDAP directory they are stored encrypted using the very secure SSHA algorythm.
-__Note:__ I think I discovered a bug in authconfig. If you run it multiple times it can bugger up you /etc/pam.d/system-auth file. It appears to append lines to the end of existing configurations. So you end up with lines like this:
-
- password sufficient /lib/security/pam_ldap.so use_authtokpassword sufficient /lib/security/pam_ldap.so
-
-
This is bad. You need to make sure your system-auth file is properly setup. It should look like this:
+__Note:__ I think I discovered a bug in authconfig. If you run it multiple times it can bugger up you /etc/pam.d/system-auth file. It appears to append lines to the end of existing configurations. This is bad. You need to make sure your system-auth file is properly setup. It should look like this:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
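Review bot: Dropping the sample of the corrupted line from the Note removes the only concrete symptom a reader could search /etc/pam.d/system-auth for. The old text showed "password sufficient /lib/security/pam_ldap.so use_authtokpassword sufficient /lib/security/pam_ldap.so", where use_authtok is fused with the "password" of the appended line into a single token. Suggest keeping that line as the example of what to look for, and correcting "bugger up you /etc/pam.d/system-auth" to "your" in the rewritten sentence. Separately, the unchanged paragraph above says passwords are "stored encrypted using the very secure SSHA algorythm"; SSHA is a salted SHA-1 hash rather than encryption, so "stored hashed" would be the accurate wording.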