Gentoo Forums
OpenLDAP + PAM
r3pek
Retired Dev


Joined: 17 Sep 2003
Posts: 568
Location: Lisbon - Portugal

Posted: Sun Jan 04, 2004 7:11 pm    Post subject: OpenLDAP + PAM

hi,

i successfully migrated the users/groups/hosts to LDAP using the tutorial from gentoo.org site. now i have two questions:

1st: when i change my password with "passwd", which one am i changing? LDAP or /etc/shadow? in case of /etc/shadow, how can i change in the LDAP Server?

2nd: can i delete the files i migrated? /etc/hosts, /etc/group, /etc/passwd


thanks in advance :roll:
esammer
Retired Dev


Joined: 05 Apr 2003
Posts: 155
Location: NY, US

Posted: Mon Jan 05, 2004 7:43 am    Post subject:

Utilities like passwd, useradd, usermod, etc. use pam (as you suggest) and have their own files in /etc/pam.d/* that specify which "backend" they use (shadow, ldap, mysql, etc.). First, you must have the net-libs/pam_ldap package emerged which provides the pam module for using ldap. You must also install net-libs/nss_ldap (the nsswitch ldap module) and configure /etc/nsswitch.conf properly.

As for getting rid of the original files, DO NOT DO IT. On the off chance the ldap server can't start up or you have to boot into single user mode to fix a disk, you'll have a hard time logging in with no passwd or shadow files. :P

Consider them backups (and you should periodically keep them up to date by exporting ldap user info to flat files).

HTH.
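
An added example, not part of the thread or the Gentoo guide: a small audit that lists, in order, the modules in the `password` stack of a PAM service file (which decides what `passwd` writes to) and reports which nsswitch databases no longer list `files` as a fallback. The sample file contents are constructed, and the `audit` helper and its output keys are hypothetical names; `include` lines are listed but not followed, and control flags are reported, not evaluated.

```python
import re

# Constructed sample files (not from the thread); module names and source
# order are assumed typical values for a pam_ldap + nss_ldap setup.
SAMPLE_PAM_PASSWD = """\
# /etc/pam.d/passwd (constructed)
auth      sufficient  pam_rootok.so
password  required    pam_cracklib.so retry=3
password  [success=1 default=ignore]  pam_ldap.so use_authtok
password  required    pam_unix.so use_authtok shadow
"""
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed)
passwd: files ldap
shadow: files ldap
group:  ldap
"""

# PAM line: type, control (plain word or [bracketed list]), module path
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def pam_stack(text, mgmt_type="password"):
    """Return [(control, module)] for one PAM management group, in file order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = PAM_LINE.match(line)
        if m and m.group(1) == mgmt_type:
            stack.append((m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return stack

def nss_sources(text, database):
    """Return the ordered sources for one nsswitch database, minus [action] items."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def audit(pam_text, nss_text):
    """Summarise password backends and databases lacking a local-files fallback."""
    modules = [mod for _, mod in pam_stack(pam_text)]
    backends = [m for m in modules if m in ("pam_ldap.so", "pam_unix.so")]
    no_fallback = [db for db in ("passwd", "shadow", "group")
                   if "files" not in nss_sources(nss_text, db)]
    return {"password_backends": backends, "no_local_fallback": no_fallback}

if __name__ == "__main__":
    print(audit(SAMPLE_PAM_PASSWD, SAMPLE_NSSWITCH))
```

To check a real host, pass the contents of `/etc/pam.d/passwd` and `/etc/nsswitch.conf` to `audit` instead of the samples.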
r3pek
Retired Dev


Joined: 17 Sep 2003
Posts: 568
Location: Lisbon - Portugal

Posted: Mon Jan 05, 2004 6:12 pm    Post subject:

thanks for the info....

i have all the things working. :D
esammer
Retired Dev


Joined: 05 Apr 2003
Posts: 155
Location: NY, US

Posted: Mon Jan 05, 2004 8:26 pm    Post subject:

Fantastic. Setting up ldap auth can be a pain, but it's worth it if you have a lot of boxes.
r3pek
Retired Dev


Joined: 17 Sep 2003
Posts: 568
Location: Lisbon - Portugal

Posted: Tue Jan 06, 2004 12:53 am    Post subject:

i don't really have a lot of boxes... :(

just wanted to learn something new and how to configure it properly 8)
esammer
Retired Dev


Joined: 05 Apr 2003
Posts: 155
Location: NY, US

Posted: Tue Jan 06, 2004 2:43 am    Post subject:

That is an equally good reason. :)