[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] AccessSpace NIS (lots of Q's)

To: "Sheflug" <sheflug [at] vuw.ac.nz>
Subject: Re: [Sheflug] AccessSpace NIS (lots of Q's)
From: James Wallbank <nospam [at] lowtech.org>
Date: Wed, 4 Apr 2001 16:14:08 +0100
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: sheflug-bounce [at] vuw.ac.nz

Hi All, (but particularly Alex)

Erm... I think I'm getting a bit confused about LDAP here. Okay, so 
you have PAM running on each client machine which is process which 
basically says, "There's more than one way to authenticate to this 
box". But what does it do? Is PAM a daemon? In which case what sort 
of information is it waiting for? Logins, some kind of "authenticate 
me" packets, or what?

>Not really!! LDAP is much like a database - it just holds information.

Okay, so LDAP holds account information, including permissions. So 
(presumably) an LDAP client (i.e. a user on one of our machines) 
contacts the LDAP server, and says "this is who I am and this is my 
password". Then what does the LDAP server do in response? Send back 
some kind of information to the client, presumably. Does that 
returned information have something to do with PAM?

Please clarify (sorry for being so dumb about this...)

>The PAM modules you get for LDAP query the database for account 
>information, and use that instead of /etc/passwd (for example).

Ahhh! So let me get this straight. Is what you're saying that you 
have an "LDAP PAM module" running on each client machine as a daemon? 
When the user tries to log on to the client machine, the PAM module 
intercepts the logon attempt and refers it to the LDAP server for 
authentication???

If so, does this mean that an "LDAP PAM Module" is, effectively, an 
LDAP client?

Therefore, doesn't that mean that the "LDAP Server" is, effectively, 
an authentication server??

Please help! I still can't quite get my head around who does what...

Cheers,

James
=====
-- 
who: James Wallbank
org: Redundant Technology Initiative
tel: +44 114 2495522
fax: +44 114 2495533
eml: rti [at] lowtech.org
web: www.lowtech.org
loc: Access Space
      1 Sidney Street
      Sheffield
      S1 4RG
      UK
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] AccessSpace NIS (lots of Q's)
  - From: home [at] alexhudson.com

References:
- [Sheflug] AccessSpace NIS (lots of Q's)
  - From: James Wallbank <james [at] lowtech.org>
- Re: [Sheflug] AccessSpace NIS (lots of Q's)
  - From: home [at] alexhudson.com

Prev by Date: Re: [Sheflug] Linux Magazine
Next by Date: Re: [Sheflug] AccessSpace NIS (lots of Q's)
Prev by thread: Re: [Sheflug] AccessSpace NIS (lots of Q's)
Next by thread: Re: [Sheflug] AccessSpace NIS (lots of Q's)
Index(es):
- Date
- Thread