Re: Regarding password validation bypass
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Mohamed Hussain <pshussain [at] gmail.com>, nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Regarding password validation bypass
- Date: Fri, 14 Apr 2023 16:09:05 +0200
On Fri, 2023-04-14 at 01:35 +0530, Mohamed Hussain wrote:
> I am working on nslcd with pam_ldap for authentication to VM. I am
> implementing decentralized identity to bypass password based
> authentication. In that, I am seeing nslcd is validating the password
> even though the user exists in the ldap server by ldap search
> operation. Is there any way to bypass password authentication while
> ldap search results send the NSLCD_SUCCESS response code. Please let
> me know.
Authentication and identity management are separate things.
Authentication is done through PAM and the PAM stack determines how
authentication is done (passwords, Kerberos, etc.). User identification
goes through NSS (nss-pam-ldapd provides both an NSS module and a PAM
module).
If you only need the user to exist in NSS and you do not want any
further authentication you may want to look at the pam_permit module.
However, be warned that you should test this very carefully to not
accidentally allow access by untrusted parties (this depends on your
security model).
Hope this helps,
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
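
Added example (not part of the message above and not nss-pam-ldapd code): a small audit that reads pam.d-style text and reports whether each pam_permit.so rule in the auth stack sits behind a required/requisite credential check, which is the kind of test the warning above calls for. The GATE_MODULES list and both sample stacks are constructed assumptions; adapt them to the modules your system uses.

```python
import re

# Assumption: modules whose failure counts as a real gate. Adapt to your stack.
GATE_MODULES = {"pam_unix.so", "pam_ldap.so", "pam_krb5.so", "pam_sss.so", "pam_deny.so"}
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_rules(text):
    """Return (line number, control, module basename) for each auth rule."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "auth":
            rules.append((n, m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return rules

def audit_pam_permit(text):
    """Classify each pam_permit.so auth rule as 'gated' or 'ungated'.
    'gated' means an earlier required/requisite rule runs a module from
    GATE_MODULES, so a failed credential check already fails the stack.
    Bracketed controls and include/substack lines are not followed.
    """
    findings, gated = [], False
    for n, control, module in auth_rules(text):
        if module == "pam_permit.so":
            findings.append((n, "gated" if gated else "ungated"))
        elif control in ("required", "requisite") and module in GATE_MODULES:
            gated = True
    return findings

# Constructed sample: the LDAP password check is only "sufficient", so a wrong
# password falls through to pam_permit.so and the auth stack still succeeds.
RISKY = "\n".join([
    "auth     required    pam_env.so",
    "auth     sufficient  pam_ldap.so",
    "auth     required    pam_permit.so",
    "account  required    pam_permit.so",
])

# Constructed sample: pam_deny.so fails the stack unless pam_ldap.so succeeded
# and skipped over it, so pam_permit.so is only reached after a valid password.
GATED = "\n".join([
    "auth  [success=1 default=ignore]  pam_ldap.so",
    "auth  requisite                   pam_deny.so",
    "auth  required                    pam_permit.so",
])

if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("GATED", GATED)):
        print(name, audit_pam_permit(cfg))
```

An "ungated" finding is a prompt to review that service's stack by hand, since the script does not model jump counts in bracketed controls or follow included files.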