lists.arthurdejong.org

Re: Can I use pam_ldap without nss?

On Fri, 2018-06-15 at 07:11 -0400, Jonathan Bowman wrote:
> On Alpine Linux, a lightweight distro based on musl, libnss_ldap.so.2
> does not compile, as glibc is unavailable.
> 
> However, Alpine does have the nss-pam-ldapd package, which includes
> everything but nss. It even has a running nslcd, but without
> libnss_ldap linked.
> 
> Is there any way I can use the parts that are working? In other
> words, how might one use pam_ldap without nss?

The PAM stack is more or less separate from the NSS stack but for it to
work correctly the user accounts will have to be available on the
system. So having the users available from NSS (i.e. `getent passwd
username` works) is a prerequisite to be able to log in using PAM with
that username.

I know there are a number of systems that populate /etc/passwd and
/etc/shadow with information from LDAP (but I don't know of any nicely
packaged solutions that do that). Then you would only use PAM for the
password authentication and possible access controls.

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
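
An added example, not part of the original message and not code from nss-pam-ldapd: a sketch of the "populate /etc/passwd from LDAP" approach mentioned in the reply, turning posixAccount entries into passwd(5) lines while refusing entries that would shadow local accounts or break the file format. The function names, `MIN_UID`, `local_names` and the `x` password field are assumptions of this sketch, and the LDIF is constructed sample data.

```python
import re
# Constructed sample, shaped like `ldapsearch -LLL '(objectClass=posixAccount)'` output.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
uidNumber: 10001
gidNumber: 10001
cn: Alice Example
homeDirectory: /home/alice

dn: uid=root,ou=people,dc=example,dc=org
uid: root
uidNumber: 0
gidNumber: 0
homeDirectory: /root

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
uidNumber: 10002
gidNumber: 10002
cn: Bob:/root:/bin/sh
homeDirectory: /home/bob
"""

MIN_UID = 10000  # assumption: directory accounts sit above local/system UIDs
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")

def parse_ldif(text):
    """One dict per entry; folded and base64 ('attr::') lines are not handled."""
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        yield {attr: value for attr, sep, value in pairs if sep}

def passwd_line(e, local_names=()):
    """Return a passwd(5) line, or None when the entry must not be written."""
    try:
        uid, gid = int(e["uidNumber"]), int(e["gidNumber"])
        # "x": no hash is stored here; password checks stay with pam_ldap.
        fields = [e["uid"], "x", str(uid), str(gid), e.get("cn", ""),
                  e["homeDirectory"], e.get("loginShell", "/sbin/nologin")]
    except (KeyError, ValueError):
        return None
    bad_name = not NAME_RE.match(e["uid"]) or e["uid"] in local_names
    if bad_name or uid < MIN_UID or any(":" in f or "\n" in f for f in fields):
        return None  # low UID, local-name clash, or a colon that would shift fields
    return ":".join(fields)

def build_passwd(ldif, local_names=()):
    return [l for e in parse_ldif(ldif) if (l := passwd_line(e, local_names))]
```

Of the three sample entries only `alice` is emitted: the directory's `root` entry is dropped for its UID and `bob` for the colons in his `cn`.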