Re: combine pam-usb and pam-ldapd ?

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: combine pam-usb and pam-ldapd ?
Date: Sun, 11 Dec 2011 23:38:36 +0100

On Sun, 2011-12-11 at 19:42 +0100, Karl Kashofer wrote:
> I understand that pam-ldapd will allow me to
> - do the user management and authentication on a central ldap server
> - mount the users ~home directory from a central nfs/samba server

The nss-pam-ldapd PAM module only does the authentication and
authorisation checks via LDAP. It doesn't do mounting (but autofs,
simple mounts or pam_mount can do that).

> I would really want to have users authenticated by a private key on a
> usb stick, with/without a password.
> 
> This seems to be what pam-usb does for local users. Do you think it
> would be possible to somehow get the pam-usb functionality into
> pam-ldapd ?

You can probably do without libpam_ldapd then, just use libnss_ldapd to
provide the user information from LDAP. You could keep libpam_ldapd
around to do authorisation checks (account expiry) or provide a fallback
authentication mechanism, depending on your PAM config.

I don't have any experience with pam_usb so can't comment on that.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

combine pam-usb and pam-ldapd ?, Karl Kashofer
- Re: combine pam-usb and pam-ldapd ?, Arthur de Jong

Prev by Date: combine pam-usb and pam-ldapd ?
Next by Date: Re: combine pam-usb and pam-ldapd ?
Previous by thread: combine pam-usb and pam-ldapd ?
Next by thread: Re: combine pam-usb and pam-ldapd ?