RSS feed

Support for pam_ldap configuration

[Date Prev][Date Next] [Thread Prev][Thread Next]

Support for pam_ldap configuration

Hi Arthur,

I am submitting a patch, attached, for consideration to be included in the 
nss-pam-ldapd release:

Added pam_ldap configuration support with an additional NSLCD_ACTION_PAM_CONFIG 
protocol call to the server.
The call takes two types of requests:

(1) NSLCD_PAM_CONFIG_INIT: request for all available configuration flags, 
returned as an integer.
(2) Request for individual config parameter value. Currently
    NSLCD_PAM_PWD_PROHIBIT_MSG is implemented, which disallows
    passwd changes when pam_password_prohibit_msg paramter is specified on
    on server side.

The pam_ldap client side changes are #ifdef'ed NSLCD_PAM_CONFIG_SUPPORT. The 
OpenLDAP nssov server side implementation is provided in server_pam_config.c 
for reference.

The pam_ldap library is added with support to reject passwd changes, when 
configured so, similar to pam_password_prohibit_msg support in PADL. For 

    # passwd testuser
    Please change your password via
    Permission denied


Ted C. Cheng
Symas Corporation

Attachment: pam_config_support.tgz
Description: Binary data

To unsubscribe send an email to or see