Diffstat (limited to 'zarb-ml/mageia-dev/2013-March/023772.html')
-rw-r--r-- | zarb-ml/mageia-dev/2013-March/023772.html | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2013-March/023772.html b/zarb-ml/mageia-dev/2013-March/023772.html new file mode 100644 index 000000000..fb71e38e9 --- /dev/null +++ b/zarb-ml/mageia-dev/2013-March/023772.html 
@@ -0,0 +1,104 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Help needed with ldap server.and gdm. + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Help%20needed%20with%20ldap%20server.and%20gdm.&In-Reply-To=%3C514EE849.6030800%40gmail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="023757.html"> + <LINK REL="Next" HREF="023763.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Help needed with ldap server.and gdm.</H1> + <B>Guillaume Rousse</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Help%20needed%20with%20ldap%20server.and%20gdm.&In-Reply-To=%3C514EE849.6030800%40gmail.com%3E" + TITLE="[Mageia-dev] Help needed with ldap server.and gdm.">guillomovitch at gmail.com + </A><BR> + <I>Sun Mar 24 12:49:29 CET 2013</I> + <P><UL> + <LI>Previous message: <A HREF="023757.html">[Mageia-dev] Help needed with ldap server.and gdm. +</A></li> + <LI>Next message: <A HREF="023763.html">[Mageia-dev] freeze push : snort +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#23772">[ date ]</a> + <a href="thread.html#23772">[ thread ]</a> + <a href="subject.html#23772">[ subject ]</a> + <a href="author.html#23772">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Le 23/03/2013 21:41, David W. Hodgins a écrit : +><i> Any suggestions? +</I>You're mixing issues here. + +pam only deals with authentication and authorization. The problem is not +to make a choice from pam_unix, or pam_pwdb, or pam_tcb, but to express +the fact than an user can authenticate from either local password +database or ldap passwd database: +auth sufficient pam_unix +auth sufficient pam_ldap use_first_pass +auth required pam_deny.so + +Most modules accept debug option to help troubleshooting. 
+ +Once you resolved your authentication and authorization issues for both +users (console login, su, whatever), you can deal with the list of +people enumerated in gdm, but in gdm configuration. + +Also, the documentation you're using is a bit outdated: +- bdb makes more sense today than ldbm as storage backend +- ssha is a better choice than crypt for default password encoding scheme +- using a rootdn with a password defined in slapd.conf is quite discussable +- ACLs such as 'access to dn=".*,dc=mylan,dc=net"' would better be +defined as 'access to dn.subtree="dc=mylan,dc=net"' (no regex involved) +- examples given use rfc2307 schema, whereas rfc2307bis (group +membership defined through dn, not uids) is a better choice +- and more important: nss_ldap and pam_ldap are getting deprecated +nowadays, in favor or nss_pam_slapd, or sssd. + +-- +BOFH excuse #235: + +The new frame relay network hasn't bedded down the software loop +transmitter yet. +</PRE> + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="023757.html">[Mageia-dev] Help needed with ldap server.and gdm. +</A></li> + <LI>Next message: <A HREF="023763.html">[Mageia-dev] freeze push : snort +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#23772">[ date ]</a> + <a href="thread.html#23772">[ thread ]</a> + <a href="subject.html#23772">[ subject ]</a> + <a href="author.html#23772">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |
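Review bot: The added file's head declares `charset=us-ascii` in its Content-Type META, but the `<PRE>` body contains a non-ASCII character in the attribution line ("a écrit"), so the declared encoding does not match the content and the character can render incorrectly. Either declare the encoding the file is actually stored in or emit that character as a numeric entity. Separately, the run of empty added lines between `</PRE>` and `<!--endarticle-->` carries no content and could be trimmed before this archive page is committed.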