LinuxQuestions.org

DaijoubuKun 11-17-2009 10:32 PM

PAM or ldap, which will be best for my needs?
 
Recently I was put in charge of 14 Slackware Linux servers. Luckily it's just making sure they are running and patched. Well, I wanted to create a user management system so that each of the users that log into these machines will never have to remember what password goes to what box. For example, they can log into one box, change their password, then log into another and use that new password. Something similar to what Active Directory does (at least that's what I have been told it does). Now I know ldap is good at working with AD, but I'm not using AD and I was told that when the boxes communicate it's over an unencrypted connection (with ldap). It was suggested to me to use PAM because it does what I want and will encrypt the traffic. Is this information correct? What suggestions can be offered on how I might go about this? Thank you.

edit:
I should note that at this time the only way anyone can log in to the servers is to be physically in front of them or SSH.

chrism01 11-18-2009 02:21 AM

OpenLDAP+TLS
http://www.linuxhomenetworking.com/w...DAP_and_RADIUS (you can ignore the RADIUS section).

Jim Bengtson 11-18-2009 08:20 AM

LDAP authentication using pam_ldap and nss_ldap
http://www.faqs.org/docs/Linux-HOWTO...TO.html#PAMNSS

DaijoubuKun 11-18-2009 05:53 PM

Thanks for the links. Good to know I can just use ldap for my needs. That will be helpful in the future as the company says they want to also start using Windows servers and I know ldap and AD can work together. Thanks again. Hopefully this will get me headed in the right direction.

sundialsvcs 11-22-2009 03:23 PM

To clarify: PAM is a standard low-level architecture for implementing security modules... one of which can be "a module that queries LDAP to get its answers."
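
The concern raised in the thread (LDAP logins crossing the network unencrypted) is decided by a few lines in the pam_ldap / nss_ldap client file. The script below is an added example, not part of any post: it audits such a file for a protected transport (`ldaps://` or `ssl start_tls`) and for `tls_checkpeer yes`. The function names, the sample host `ldap.example.test` and the policy of requiring an explicit `tls_checkpeer yes` are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a pam_ldap / nss_ldap client file (ldap.conf syntax).
# audit_ldap_conf returns 0 if binds are TLS-protected and the peer is verified, else 1.

# Print the value of directive $2 in file $1 (last occurrence, lowercased).
ldap_opt() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        tolower($1) == key { $1 = ""; val = tolower($0) }
        END { sub(/^[ \t]+/, "", val); print val }' "$1"
}

audit_ldap_conf() {
    conf=$1; rc=0
    uris=$(ldap_opt "$conf" uri)
    ssl=$(ldap_opt "$conf" ssl)
    checkpeer=$(ldap_opt "$conf" tls_checkpeer)

    if [ -z "$uris" ]; then
        echo "FAIL: no uri directive; transport cannot be determined here"; rc=1
    fi
    for u in $uris; do
        case $u in
            ldaps://*|ldapi://*) ;;            # TLS from connect, or local socket
            ldap://*)
                if [ "$ssl" != "start_tls" ]; then
                    echo "FAIL: $u without 'ssl start_tls' sends binds in clear text"; rc=1
                fi ;;
            *) echo "FAIL: unrecognised URI $u"; rc=1 ;;
        esac
    done
    # Encryption without verification still allows a spoofed directory server.
    # Assumption of this audit: require the setting explicitly, not a library default.
    if [ "$checkpeer" != "yes" ]; then
        echo "FAIL: tls_checkpeer is '${checkpeer:-unset}', want explicit 'yes'"; rc=1
    fi
    return $rc
}

# Constructed sample (not from the thread): plain ldap:// with no TLS settings.
sample=$(mktemp)
printf 'uri ldap://ldap.example.test/\nbase dc=example,dc=test\n' > "$sample"
audit_ldap_conf "$sample" ||
    echo "=> add: ssl start_tls / tls_checkpeer yes / tls_cacertfile <CA path>"
rm -f "$sample"
```

Run against each server's real client file, the function's exit status can gate a configuration-management check across all 14 machines.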


All times are GMT -5.