Difference between revisions of "User talk:Bobpaul"

From ArchWiki
Jump to: navigation, search
(PAM LDAP Authentication: new section)
 
Line 10: Line 10:
  
 
Thanks! --[[User:Lonaowna|Lonaowna]] ([[User talk:Lonaowna|talk]]) 23:27, 13 November 2013 (UTC)
 
Thanks! --[[User:Lonaowna|Lonaowna]] ([[User talk:Lonaowna|talk]]) 23:27, 13 November 2013 (UTC)
 +
:The arch devs seem to pull a lot of upstream decisions from fedora, so their [https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/PAM_Configuration_Files.html pam documentation] should apply nicely to us. (I guess pam is pretty generic, but our conf.d is organized similar to theirs.) Looking over that should give a pretty good idea of what sufficient, required, and optional do and some idea what auth, account, password, and session are.
 +
:Now that said, I'm still not entirely sure what session does ;) The [http://arthurdejong.org/nss-pam-ldapd/setup upstream configuration example] for [http://arthurdejong.org/nss-pam-ldapd nss-pam-ldapd] shows session as optional, as do several other examples I've seen. Today's edits to the wiki were very much the result of my own experimentation.
 +
:I suppose I would expect sufficient to also work for session (as the documentation says failures are ignored). That's probably something to ask upstream.[[User:Bobpaul|Bobpaul]] ([[User talk:Bobpaul|talk]]) 00:07, 14 November 2013 (UTC)

Revision as of 00:07, 14 November 2013

PAM LDAP Authentication

Hi, thanks for you edits to LDAP Authentication! I was hoping someone would update the PAM section, as I know little about the subject.

However, I was wondering about the following section:

First edit /etc/pam.d/system-auth. (...) Make pam_ldap.so sufficient at the top of each section, except in the session section, where we make it optional.

Could you explain why the session section is other than the rest? I would really appreciate it, and I think it would be useful to add the explaination to the page!

Thanks! --Lonaowna (talk) 23:27, 13 November 2013 (UTC)

The arch devs seem to pull a lot of upstream decisions from fedora, so their pam documentation should apply nicely to us. (I guess pam is pretty generic, but our conf.d is organized similar to theirs.) Looking over that should give a pretty good idea of what sufficient, required, and optional do and some idea what auth, account, password, and session are.
Now that said, I'm still not entirely sure what session does ;) The upstream configuration example for nss-pam-ldapd shows session as optional, as do several other examples I've seen. Today's edits to the wiki were very much the result of my own experimentation.
I suppose I would expect sufficient to also work for session (as the documentation says failures are ignored). That's probably something to ask upstream.Bobpaul (talk) 00:07, 14 November 2013 (UTC)