RSS feed

Re: combine pam-usb and pam-ldapd ?

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: combine pam-usb and pam-ldapd ?

On Sun, 2011-12-11 at 19:42 +0100, Karl Kashofer wrote:
> I understand that pam-ldapd will allow me to
> - do the user management and authentication on a central ldap server
> - mount the users ~home directory from a central nfs/samba server

The nss-pam-ldapd PAM module only does the authentication and
authorisation checks via LDAP. It doesn't do mounting (but autofs,
simple mounts or pam_mount can do that).

> I would really want to have users authenticated by a private key on a
> usb stick, with/without a password.
> This seems to be what pam-usb does for local users. Do you think it
> would be possible to somehow get the pam-usb functionality into
> pam-ldapd ?

You can probably do without libpam_ldapd then, just use libnss_ldapd to
provide the user information from LDAP. You could keep libpam_ldapd
around to do authorisation checks (account expiry) or provide a fallback
authentication mechanism, depending on your PAM config.

I don't have any experience with pam_usb so can't comment on that.

Hope this helps,

-- arthur - - --
To unsubscribe send an email to or see