[netatalk-admins] LDAP, PAM, and netatalk


Subject: [netatalk-admins] LDAP, PAM, and netatalk
From: Kevin Myer (kevin_myer@elanco.k12.pa.us)
Date: Thu Jun 03 1999 - 12:48:55 EDT


Hi,

I am curious if anyone considered putting LDAP hooks in netatalk for
authentication purposes. I am currently trying to move all my Linux-based
systems to a single directory server for authentication, access control,
etc. I have been using a combination of Red Hat Linux 5.2, kernel 2.2.X,
OpenLDAP 1.2.1, Samba (HEAD-CVS version - 2.1-prealpha) and netatalk
asun2.1.3, as well as the pam_ldap and nss_ldap modules from www.padl.com.
After immersing myself in LDAP and reading up on PAM, I can get my systems
to do a bit of authentication here and there from the LDAP server but it's
definitely not a well-oiled machine (but oh, if it were - a single
directory to administer UNIX, NT, and AppleShare accounts from, across a
whole school district...yumm!)

My problem is now in understanding how netatalk works with PAM. First, in
the Makefile, the PAM location is defined as /usr by default. Is this
asking for my PAM modules (/lib/security), PAM source or what? Secondly,
even though I have a netatalk file in /etc/pam.d it doesn't appear to be
using my pam_ldap module at all. Here is what I have tried -

1) netatalk login normally, no LDAP backend. Success with user in
/etc/passwd, failure with bogus user.

2) netatalk login normally, with LDAP backend and PAM LDAP support.
Success with previous user, failure with bogus user with message "Sorry,
the password you entered is incorrect. Please reenter it".

3) telnet to box, login normally with LDAP backend and PAM LDAP support.
Success with previous user AND success with user that is ONLY in the LDAP
directory service.

So it seems that netatalk really isn't using PAM for me at all - it's just
doing straight /etc/passwd lookups. Anyone got PAM working with netatalk
on a Red Hat system? Let me know what the tricks are (if any) :)

Thanks,

Kevin

-- 
     ~        Kevin M. Myer
    . .       Network/System Administrator
    /V\       ELANCO School District
   // \
  /(   )\
   ^`~'^
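
The three login tests above infer from behaviour whether the daemon goes through PAM. As an added example (not part of the original post and not netatalk's own code), the same question can be checked directly by asking whether the binary links libpam and whether the service file's auth stack has an active pam_ldap line. The function names and sample inputs are hypothetical and constructed; it assumes a dynamically linked binary and plain Linux-PAM control keywords (no bracketed controls).

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical/constructed.
# Assumes Linux-PAM service-file syntax ("type control module [args]") with
# simple control keywords, and a binary dynamically linked against libpam.

# pam_stack_has FILE TYPE MODULE
# Exit 0 if an active (uncommented) line of TYPE references MODULE.
# FILE may be "-" to read standard input.
pam_stack_has() {
    awk -v type="$2" -v mod="$3" '
        { sub(/#.*/, "") }               # drop comments
        NF < 3 { next }                  # blank or incomplete line
        {
            t = $1; sub(/^-/, "", t)     # optional "-" prefix on the type
            if (t != type) next
            n = split($3, parts, "/")    # module may be given as a full path
            if (parts[n] == mod || parts[n] == mod ".so") found = 1
        }
        END { exit !found }
    ' "$1"
}

# links_libpam: reads `ldd` output on stdin; exit 0 if libpam is listed.
links_libpam() {
    grep -q 'libpam\.so'
}

# Constructed sample inputs (not from the original post).
sample_pam='#%PAM-1.0
# auth  sufficient  /lib/security/pam_ldap.so
auth     required    /lib/security/pam_pwdb.so shadow nullok
account  required    /lib/security/pam_pwdb.so'
sample_ldd='	libpam.so.0 => /lib/libpam.so.0 (0x40020000)
	libc.so.6 => /lib/libc.so.6 (0x40010000)'
sample_ldd_nopam='	libc.so.6 => /lib/libc.so.6 (0x40010000)'

# Real use: pam_stack_has /etc/pam.d/netatalk auth pam_ldap
#           ldd /path/to/daemon | links_libpam
if printf '%s\n' "$sample_ldd" | links_libpam; then
    echo "binary links libpam"
fi
if ! printf '%s\n' "$sample_pam" | pam_stack_has - auth pam_ldap; then
    echo "auth stack has no active pam_ldap line"
fi
```

A binary that does not list libpam cannot be consulting /etc/pam.d at all, whatever the service file says; a commented-out module line, as in the sample, is reported as absent.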



This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:16:47 EST