Re: [Sheflug] AccessSpace NIS (lots of Q's)
Hi All, (but particularly Alex)

Erm... I think I'm getting a bit confused about LDAP here. Okay, so
you have PAM running on each client machine which is a process which
basically says, "There's more than one way to authenticate to this
box". But what does it do? Is PAM a daemon? In which case what sort
of information is it waiting for? Logins, some kind of "authenticate
me" packets, or what?

>Not really!! LDAP is much like a database - it just holds information.

Okay, so LDAP holds account information, including permissions. So
(presumably) an LDAP client (i.e. a user on one of our machines)
contacts the LDAP server, and says "this is who I am and this is my
password". Then what does the LDAP server do in response? Send back
some kind of information to the client, presumably. Does that
returned information have something to do with PAM?

Please clarify (sorry for being so dumb about this...)

>The PAM modules you get for LDAP query the database for account
>information, and use that instead of /etc/passwd (for example).

Ahhh! So let me get this straight. Is what you're saying that you
have an "LDAP PAM module" running on each client machine as a daemon?
When the user tries to log on to the client machine, the PAM module
intercepts the logon attempt and refers it to the LDAP server for
authentication???

If so, does this mean that an "LDAP PAM Module" is, effectively, an
LDAP client?

Therefore, doesn't that mean that the "LDAP Server" is, effectively,
an authentication server??

Please help! I still can't quite get my head around who does what...

Cheers,

James
=====
--
who: James Wallbank
org: Redundant Technology Initiative
tel: +44 114 2495522
fax: +44 114 2495533
eml: rti [at] lowtech.org
web: www.lowtech.org
loc: Access Space
1 Sidney Street
Sheffield
S1 4RG
UK
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk