One of the entities for whom I regularly do work has requested that one of their servers use LDAP for authentication instead of the local password file. However, the system still depends on the local files to provide the user information (home directory, uid, gid, and so on). The process has been documented for previous versions of RHEL, but it changed again in RHEL 5.

One of the fundamental requirements was that any access to LDAP use encryption. To this end, it was determined that the TLS method was sufficient and supported by the LDAP vendor. The customer further dictated that password changes would be implemented through a different mechanism. In RHEL 3 and RHEL 4, this alters the /etc/pam.d/system-auth file, adding or uncommenting the following primitives:

# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
#ssl start_tls
#ssl on

In RHEL 5, these primitives have been moved to the /etc/ldap.conf file.  So to effect the same change, update /etc/ldap.conf, not /etc/pam.d/system-auth.
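
To confirm the change took effect, the following added example (not part of the original post) audits a file in the format shown above for the two requirements: encrypted LDAP access and a password-change redirect message. The function name check_ldap_conf is hypothetical, only the directives quoted in the post are checked, and treating two active ssl lines as an error is an assumption made here because the snippet's own comment says the two mechanisms use different ports.

```shell
#!/bin/sh
# Added example: audit an ldap.conf-style file for the directives in the post.
# check_ldap_conf FILE  (hypothetical helper name)
# Prints one finding per line. Returns 0 only if exactly one TLS mode
# (ssl start_tls or ssl on) is active and a password-change message is set.
check_ldap_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        { key = tolower($1) }
        key == "ssl" { modes[tolower($2)]++; nssl++ }
        key == "pam_password_prohibit_message" && NF > 1 { msg = 1 }
        END {
            bad = 0
            if (nssl == 0) {
                print "FAIL: no active ssl directive (still commented out?)"; bad = 1
            } else if (nssl > 1) {
                # Assumption: more than one active ssl line is ambiguous, so flag it.
                print "FAIL: multiple active ssl directives"; bad = 1
            } else if (modes["start_tls"]) {
                print "OK: ssl start_tls"
            } else if (modes["on"]) {
                print "OK: ssl on"
            } else {
                print "FAIL: ssl set to a value other than start_tls/on"; bad = 1
            }
            if (msg) print "OK: pam_password_prohibit_message set"
            else { print "FAIL: pam_password_prohibit_message not set"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the directives from the post, all still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#pam_password_prohibit_message Please visit http://internal to change your password.
#ssl start_tls
#ssl on
EOF
check_ldap_conf "$sample" || echo "=> $sample does not meet the requirements"
rm -f "$sample"
```

On RHEL 5 run it against /etc/ldap.conf; on RHEL 3 and RHEL 4 point it at whichever file carries these primitives on that system.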


This page contains a single entry by Kris Kirby published on May 19, 2010 3:32 PM.