Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-30-2003, 10:50 PM
|
#1
|
LQ Newbie
Registered: Aug 2002
Posts: 23
Rep:
|
PAM and nsswitch.conf
Hi,
Can anyone explain to me the differences or relationship between PAM and nsswitch.conf? PAM provide a way to tell the services to authenticate the users against sth, database or flat file...., and so nsswitch.conf does, it is just from my understanding. When a user log in via a service, smtp or pop or sshd or ftp, how can I know the nsswitch.conf or PAM is used. I see sshd in /etc/pam.d/ and when I log in via ssh I see a log entry in /var/log/messages, does it mean ssh is using PAM to authenticate user? If so, what about nsswitch.conf?
Thanks,
Stand
|
|
|
01-11-2010, 07:02 AM
|
#2
|
Member
Registered: Apr 2009
Posts: 74
Rep:
|
I am also on the same, confused, side
Well, I too have been looking for an answer over the net but didn't get anything.
I am not able to understand the order in which the files are referred.
Say for example ldap, if nsswitch.conf is not having ldap for password and group and shadow, ldap server is not even contacted.
But if the entry is there, the system requires LDAP server to be up and responding(if bind_policy hard) even for local users.
Also, if the pam modules in system-auth have pam_unix.so as sufficient even before pam_ldap.so , still LDAP is contacted ??
Any help would be much appreciated
|
|
|
01-11-2010, 09:05 AM
|
#3
|
Member
Registered: Feb 2008
Distribution: Fedora,RHEL,Ubuntu
Posts: 661
Rep:
|
The one diffrence i noticed is
PAM tell about which and how module get used while nsswitch.conf don't tell anything about which module for example pam_ldap.so to be used.
Thanks
|
|
|
09-09-2011, 10:25 AM
|
#4
|
LQ Newbie
Registered: Sep 2011
Posts: 11
Rep:
|
Quote:
Originally Posted by luvshines
Well, I too have been looking for an answer over the net but didn't get anything.
I am not able to understand the order in which the files are referred.
Say for example ldap, if nsswitch.conf is not having ldap for password and group and shadow, ldap server is not even contacted.
But if the entry is there, the system requires LDAP server to be up and responding(if bind_policy hard) even for local users.
Also, if the pam modules in system-auth have pam_unix.so as sufficient even before pam_ldap.so , still LDAP is contacted ??
Any help would be much appreciated
|
PAM, or Pluggable Authentication Modules, frees applications from the requirement of dealing with authentication by providing an API that allows them to pass authentication requirements off to the library. The main advantage of this is it is easy to configure applications to use different authentication modules by simply modifying the configuration files. See pam(8) and associated man pages for more information.
Name Service Switch (or NSS) is used by various functions in the C library to control where information was looked for. GNU's C library 2.x (or glibc), which is used in Linux, is modelled after Sun's C library from Solaris 2. The configuration file, /etc/nsswitch.conf, specifies the sources for the ``databases'' and their lookup order.
So i think the order should be pam then nss.
First pass pam authentication certified, then looking for password database.
Last edited by mahao_boy; 09-09-2011 at 10:29 AM.
|
|
|
All times are GMT -5. The time now is 11:24 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|