Support for pam_ldap configuration

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Ted Cheng <tedcheng [at] symas.com>
To: Arthur de Jong <arthur [at] arthurdejong.org>
Cc: nss-pam-ldapd-users <nss-pam-ldapd-users [at] lists.arthurdejong.org>, Howard Chu <hyc [at] symas.com>
Subject: Support for pam_ldap configuration
Date: Mon, 2 Jul 2012 16:07:51 -0700

Hi Arthur,

I am submitting a patch, attached, for consideration to be included in the 
nss-pam-ldapd release:

Added pam_ldap configuration support with an additional NSLCD_ACTION_PAM_CONFIG 
protocol call to the server.
The call takes two types of requests:

(1) NSLCD_PAM_CONFIG_INIT: request for all available configuration flags, 
returned as an integer.
(2) Request for individual config parameter value. Currently
    NSLCD_PAM_PWD_PROHIBIT_MSG is implemented, which disallows
    passwd changes when pam_password_prohibit_msg paramter is specified on
    on server side.

The pam_ldap client side changes are #ifdef'ed NSLCD_PAM_CONFIG_SUPPORT. The 
OpenLDAP nssov server side implementation is provided in server_pam_config.c 
for reference.


The pam_ldap library is added with support to reject passwd changes, when 
configured so, similar to pam_password_prohibit_msg support in PADL. For 
example,

    # passwd testuser
    Please change your password via www.example.com
    Permission denied


Thanks,

Ted C. Cheng
Symas Corporation

Attachment: pam_config_support.tgz
Description: Binary data

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Re: memberUid mappings in AD, (continued)

Prev by Date: Re: --disable-nslcd, nssov, and local user lookups
Next by Date: Re: Support for pam_ldap configuration
Previous by thread: Re: memberUid mappings in AD
Next by thread: Re: Support for pam_ldap configuration