Operating System - HP-UX
 
cart
Advisor

pam and nsswitch for authentication

Hi,

I have an unclear understanding of how pam and nsswitch are used.
When do we authenticate using nsswitch, when do we use PAM?
Does my question even make sense? Maybe we use both?
Does pam_unix always refer to nsswitch?

I'm reading the ldapux client docs and the information is quite confusing.
If I authenticate through nsswitch, the user-given-passwd is uncrypted and compared to the one from the database. As a result the password must be kept in crypt format in the database (ldap).

If I authenticate through PAM with pam_ldap, the password is sent in clear to the directory server. This way I can have the password stored in another format. But in this case, nsswitch-ldap-authentication will not be able to check the password.

So I thought I wanted to set up nsswitch.conf to search ldap, for everything but the passwd database...
Do you think this will be a problem for some applications?

Also, what confuses me is that in some diagrams, where you can see how authentication works, you have a direct link between the login process and the nss library...

Help will be very welcome!!!!
Sundance
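
The two checks described in the question above, as an added example that is not part of the original post or of LDAP-UX. It is a Python simulation: `toy_crypt` is a constructed stand-in for crypt(3), and the directory contents and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def toy_crypt(password, salt):
    """Constructed stand-in for crypt(3): salt + one-way hash, NOT the real algorithm."""
    return salt + hashlib.sha256((salt + password).encode()).hexdigest()[:22]

def ssha(password, salt):
    """Salted SHA-1 value in the {SSHA} form a directory server can store."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

# Constructed directory: alice is stored in crypt format, bob in SSHA.
DIRECTORY = {
    "alice": "{CRYPT}" + toy_crypt("wonderland", "ab"),
    "bob": ssha("builder", b"\x01\x02\x03\x04"),
}

def check_crypt(stored, password):
    value = stored[len("{CRYPT}"):]
    return hmac.compare_digest(toy_crypt(password, value[:2]), value)

def server_bind(uid, password):
    """Directory side of a simple bind: verifies in whatever scheme it stores."""
    stored = DIRECTORY.get(uid, "")
    if stored.startswith("{CRYPT}"):
        return check_crypt(stored, password)
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]
        candidate = hashlib.sha1(password.encode() + salt).digest()
        return hmac.compare_digest(candidate, digest)
    return False

def auth_via_nss(uid, password):
    """pam_unix style: read the hash through the name service, crypt locally, compare."""
    stored = DIRECTORY.get(uid, "")
    if not stored.startswith("{CRYPT}"):
        return False  # the client cannot compare a value that is not in crypt format
    return check_crypt(stored, password)

def auth_via_bind(uid, password):
    """pam_ldap style: hand the password to the directory and let it decide."""
    if not password:
        return False  # an empty password on a simple bind is an anonymous bind
    return server_bind(uid, password)
```

In the bind model the password crosses the network, so the connection to the directory needs TLS; in the name-service model the hash has to be readable by the client host.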
2 REPLIES
Vijaya Kumar_3
Respected Contributor

Re: pam and nsswitch for authentication

Hi Sundance

I am working on exactly what you are trying to do.
Please refer to the following thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=296768

I recommend the following links:

http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/ch-pam.html
http://docs.hp.com/cgi-bin/otsearch/getfile?id=/hpux/onlinedocs/internet/uxint.html&searchterms=ldap&queryid=20011004-191951

thanks
vijay

Known is a drop, unknown is ocean - visit me at http://vijay.theunixplace.com
Vijaya Kumar_3
Respected Contributor

Re: pam and nsswitch for authentication

btw, here is how it works!!!

/etc/pam.conf (/etc/pam.d/system-auth for Linux) is the PAM configuration file for HP-UX. You may need to read the Red Hat manual about how PAM works at this point.

You are also required to use /etc/nsswitch.conf to show users, groups and passwords databases.

And finally you need /etc/ldap.conf (Part of NSS_LDAP software from PADL.COM)

Hope this helps.

I am sorry but I am not sure about LDAP/UX. Both PAM_LDAP and NSS_LDAP would be enough for LDAP/Active Directory authentication, I hope.

Thanks
Vijay
Known is a drop, unknown is ocean - visit me at http://vijay.theunixplace.com