The pam_ldap Module
Pluggable Authentication Modules (PAM) are implemented as shared libraries that distance applications from the details of account data storage, mechanisms used to authenticate users, and service authorization processes. PADL Software has developed a pam_ldap module, supported on FreeBSD, HP-UX, Linux, Mac OS 10.2, and Solaris, as part of a reference implementation for RFC 2307. This module allows you to take advantage of LDAP in PAM-aware applications and operating systems. You can download the pam_ldap source code from http://www.padl.com/OSS/pam_ldap.html. Most Linux distributions include PADL’s pam_ldap and nss_ldap modules with the operating system. You should remove these packages first if you plan to build the latest version from source.
Warning
The pam_ldap and nss_ldap libraries included with Solaris as part of the operating system installation are Sun’s own creation and should not be confused with the modules discussed in this chapter.
Once you have obtained and extracted the pam_ldap source code, building the module is a familiar process:
$ ./configure $ make $ /bin/su -c "make install"
PADL’s PAM and NSS libraries can make use of the Netscape LDAP SDK and the original University of Michigan LDAP SDK, in addition to the OpenLDAP client libraries. The configure script attempts to determine which of these packages is installed on the local system. If you need to inform the configure script which LDAP client libraries you have installed and where, use the ...
Get LDAP System Administration now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
