How to make a unified login? (PAM, LDAP, /etc/shadow, Samba, etc)
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to make a unified login? (PAM, LDAP, /etc/shadow, Samba, etc)
Hi folks,
Sitrep, long story short.
Running this software:
Linux 2.6 on a hacked LaCie NetworkSpace
installed SSHd 5.4
installed Samba 3.4
installed lighttpd 1.4
installed ProFTPD 1.3
I want:
Login with my account and same password on all of those. When i use passwd, the change should be reflected on all of them.
I have:
Samba uses encrypted passwords, and i must change passwords for samba with smbpasswd.
lighttpd uses separate password file, must change by hand.
ProFTPD and SSH use system login (/etc/shadow).
So far i found two possible solutions, but can't tell if i understood them right or how to achieve them:
use LDAP as auth backend If i could make LDAP my auth backend, provided this is possible at all, lighttpd would use this directly, and PAM would use it for system login. Nevertheless, actually this can't work as Samba uses encrypted passwords. Correct?
use Samba password backend, then make LDAP use that If passwd, login, etc would use Samba, i would work everywhere with MD4 hashed stuff. Lighttpd would send plain passwords (HTTP basic auth), and query LDAP, which in turn makes an MD4 hash, and tests for Sambas passwd. Will this work?
Please share your thoughts and experience with this issue, i'll be much obliged four your comment and preferably howto links, thanks!
An ldap server can do this, once pam is configured to use ldap it will be available to any application that uses pam. The next step would be to check whether the other applications support pam or not.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.