Re: combine pam-usb and pam-ldapd ?

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Hatem Nassrat <hatem [at] genieknows.com>
To: Tim White <weirdit [at] gmail.com>
Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: combine pam-usb and pam-ldapd ?
Date: Mon, 12 Dec 2011 01:12:09 -0400

On Sun, Dec 11, 2011 at 10:04 PM, Tim White <weirdit [at] gmail.com> wrote:

On 12/12/11 06:38, Arthur de Jong wrote:

I would really want to have users authenticated by a private key on a
usb stick, with/without a password.

[...]

Correctly setup, PAM is designed to be modular. So you can for example, use libnss to provide all the passwd/group information, and then use pam_usb to attempt to authenticate, and then failback to libpam_ldapd on failure. Do some reading into pam (man pam, man pam.conf) and

I believe what he is trying to do is to store the public keys in ldap somehow. I think a quicker approach maybe to use autofs with pam-usb rather than pam-ldap.

It took me a while to figure out what you are wanting to do, somehow adding to the ldap schema to add a public key to each user as well as modifying the pam side to lookup the key and do what pam-usb does. This does seem like a lot of work though ...

Hatem Nassrat
Chief Technical Officer
T: (902) 431-4847 ext. 112
F: (902) 431-4848

The opinions expressed are those of the individual and not the company. Internet communications are not secure and therefore GenieKnows Inc. ("the company") does not accept liability for any claims arising as a result of the use of this medium for transmissions by or to the company. This email and any files transmitted with it are confidential. If you are not the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. Whilst we take every reasonable precaution to screen out computer viruses from emails, attachments to the email may contain such viruses. We cannot accept liability for loss or damage resulting from such viruses. GenieKnows Inc. registered office: 1567 Argyle Street, Halifax, Nova Scotia, B3J 2B2, Canada.

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

combine pam-usb and pam-ldapd ?, Karl Kashofer
- Re: combine pam-usb and pam-ldapd ?, Arthur de Jong
  - Re: combine pam-usb and pam-ldapd ?, Tim White
    - Re: combine pam-usb and pam-ldapd ?, Hatem Nassrat

Prev by Date: Re: combine pam-usb and pam-ldapd ?
Next by Date: Re: combine pam-usb and pam-ldapd ?
Previous by thread: Re: combine pam-usb and pam-ldapd ?
Next by thread: Re: combine pam-usb and pam-ldapd ?