Авторизация через pam_ldap в Gentoo Linux
Андрей Коврин


# emerge pam_ldap nss_ldap



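# PAM stack: each facility tries the local files (pam_unix) first and
# falls back to the LDAP directory (pam_ldap).

auth    required        pam_env.so
# NOTE(review): nullok lets an account with an empty password field log in;
# drop it unless passwordless local accounts are really intended.
auth    sufficient      pam_unix.so likeauth nullok shadow
# use_first_pass: reuse the password already entered for pam_unix instead of
# prompting a second time.
auth    sufficient      pam_ldap.so use_first_pass
# Fail closed when neither backend accepted the password.
auth    required        pam_deny.so

# NOTE(review): pam_unix is "sufficient" and comes first. If LDAP users are also
# resolved through NSS (passwd/shadow ... ldap), pam_unix may succeed for them,
# and any account restrictions enforced by pam_ldap (host-attribute or expiry
# checks) would then never run. Verify on the target system.
account                 sufficient      pam_unix.so
account                 sufficient      pam_ldap.so

password        required        pam_cracklib.so retry=3
# NOTE(review): md5 selects MD5-crypt for newly set local passwords, which is
# weak against offline cracking. Where the installed pam_unix supports it,
# sha512 is the stronger choice; existing hashes keep verifying after a switch.
password        sufficient      pam_unix.so nullok use_authtok md5 shadow
password        sufficient      pam_ldap.so use_authtok use_first_pass
password        required        pam_deny.so

session         required        pam_limits.so
session         required        pam_unix.so
# Creates a missing home directory from the skeleton on first login.
# NOTE(review): no umask= is given, so the module's default applies; add
# umask=0077 if new home directories must not be readable by other users.
session         required        pam_mkhomedir.so skel=/etc/skel/
session         optional        pam_ldap.so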



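# Name service switch: consult the local files (compat) first, then LDAP.
# NOTE(review): shadow lookups through LDAP are only needed if local tools must
# see LDAP users' password-aging data. Make sure the directory ACLs do not
# expose userPassword hashes to the identity nss_ldap searches with.
passwd:      compat ldap
shadow:      compat ldap
group:       compat ldap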



# LDAP client settings for the directory server at some.host.com.
# NOTE(review): port 389 with no ssl/TLS directive in this listing means that
# search traffic and the user passwords pam_ldap sends in its bind requests
# cross the network unencrypted. Unless TLS is configured elsewhere, enable
# "ssl start_tls" (or LDAPS) together with "tls_checkpeer yes" and a
# tls_cacertfile so that the server certificate is verified.
# NOTE(review): no binddn/bindpw is shown, so searches are presumably anonymous;
# confirm that the server ACLs expose only what NSS lookups need.
host some.host.com
# Only entries below this subtree can be looked up and can log in.
base ou=shellusers,dc=some,dc=host,dc=com
ldap_version 3
port 389
# Search the whole subtree under base, not just its immediate children.
scope sub
# The typed login name is matched against the uid attribute.
pam_login_attribute uid



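# Sample posixAccount entry for a shell user (the dn: line is not part of this listing).
# No userPassword attribute is shown; it has to be set separately, stored
# hashed, before this user can authenticate.
ou: shellusers
uid: kover
cn: Andrey Kovrin
givenname: Andrey
sn: Kovrin
objectClass: person
objectClass: posixAccount
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/shellusers/kover
loginShell: /bin/bash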



$ getent passwd



# emerge openldap



# emerge migrationtools



# emerge proftpd



# ProFTPD mod_ldap: authenticate FTP users against the same directory.
# NOTE(review): nothing in this listing enables TLS for the FTP session or for
# the LDAP connection, so passwords presumably travel in cleartext on both
# legs. Confirm, and protect both where the installed versions allow it.
LDAPServer some.host.com
# Enable LDAP authentication, looking users up under this base DN.
LDAPDoAuth on "ou=shellusers,dc=some,dc=host,dc=com"
# NOTE(review): "clear" makes userPassword values without a {scheme} prefix
# count as plaintext. That is only usable if the directory stores unhashed
# passwords. Prefer hashed values with a scheme prefix, or bind-based
# authentication (LDAPAuthBinds on), so ProFTPD never needs to read userPassword.
LDAPDefaultAuthScheme clear
# Create a user's home directory at login if it does not exist yet.
LDAPHomedirOnDemand on