NSS vs. PAM in nss-pam-ldapd and Active Directory
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
NSS vs. PAM in nss-pam-ldapd and Active Directory
- From: Troy Engel <troy.engel [at] rackspace.com>
- To: <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: NSS vs. PAM in nss-pam-ldapd and Active Directory
- Date: Tue, 31 Jul 2012 09:02:57 -0500
Hi Arthur et. al,
I'm trying to understand the relationship between the two modules and if
we actually need both. If a RHEL6 server is configured to use KRB5
(/etc/krb5.conf, pam_krb5), are *both* nslcd.conf and pam_ldap.conf
(.so) needed? nsswitch.conf is the usual 'files ldap', Win2k8R2 AD.
It seems that we can comment out pam_ldap.so in system-auth (leaving
pam_krb5.so) and it works fine; I see the README indicates:
"The PAM module that is currently implemented contains functionality for
authentication, account management, password management and session
management. The nslcd daemon currently implements authentication,
authorisation and password modification. The OpenLDAP nssov overlay also
implements session functionality."
Does this mean NSS doesn't support groups from AD and this is a PAM
module function, or...? In practice, when is only one module needed over
the other or are both always required for some functionality I'm not
grasping?
Thanks for any insight! :)
-te
--
Troy Engel
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
- NSS vs. PAM in nss-pam-ldapd and Active Directory,
Troy Engel