LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 06-30-2003, 10:50 PM   #1
stand
LQ Newbie
 
Registered: Aug 2002
Posts: 23

Rep: Reputation: 15
PAM and nsswitch.conf


Hi,

Can anyone explain to me the differences or relationship between PAM and nsswitch.conf? PAM provide a way to tell the services to authenticate the users against sth, database or flat file...., and so nsswitch.conf does, it is just from my understanding. When a user log in via a service, smtp or pop or sshd or ftp, how can I know the nsswitch.conf or PAM is used. I see sshd in /etc/pam.d/ and when I log in via ssh I see a log entry in /var/log/messages, does it mean ssh is using PAM to authenticate user? If so, what about nsswitch.conf?
Thanks,

Stand
 
Old 01-11-2010, 07:02 AM   #2
luvshines
Member
 
Registered: Apr 2009
Posts: 74

Rep: Reputation: 16
I am also on the same, confused, side

Well, I too have been looking for an answer over the net but didn't get anything.
I am not able to understand the order in which the files are referred.
Say for example ldap, if nsswitch.conf is not having ldap for password and group and shadow, ldap server is not even contacted.
But if the entry is there, the system requires LDAP server to be up and responding(if bind_policy hard) even for local users.
Also, if the pam modules in system-auth have pam_unix.so as sufficient even before pam_ldap.so , still LDAP is contacted ??
Any help would be much appreciated
 
Old 01-11-2010, 09:05 AM   #3
vishesh
Member
 
Registered: Feb 2008
Distribution: Fedora,RHEL,Ubuntu
Posts: 661

Rep: Reputation: 66
The one diffrence i noticed is
PAM tell about which and how module get used while nsswitch.conf don't tell anything about which module for example pam_ldap.so to be used.
Thanks
 
Old 09-09-2011, 10:25 AM   #4
mahao_boy
LQ Newbie
 
Registered: Sep 2011
Posts: 11

Rep: Reputation: Disabled
Quote:
Originally Posted by luvshines View Post
Well, I too have been looking for an answer over the net but didn't get anything.
I am not able to understand the order in which the files are referred.
Say for example ldap, if nsswitch.conf is not having ldap for password and group and shadow, ldap server is not even contacted.
But if the entry is there, the system requires LDAP server to be up and responding(if bind_policy hard) even for local users.
Also, if the pam modules in system-auth have pam_unix.so as sufficient even before pam_ldap.so , still LDAP is contacted ??
Any help would be much appreciated
PAM, or Pluggable Authentication Modules, frees applications from the requirement of dealing with authentication by providing an API that allows them to pass authentication requirements off to the library. The main advantage of this is it is easy to configure applications to use different authentication modules by simply modifying the configuration files. See pam(8) and associated man pages for more information.

Name Service Switch (or NSS) is used by various functions in the C library to control where information was looked for. GNU's C library 2.x (or glibc), which is used in Linux, is modelled after Sun's C library from Solaris 2. The configuration file, /etc/nsswitch.conf, specifies the sources for the ``databases'' and their lookup order.

So i think the order should be pam then nss.
First pass pam authentication certified, then looking for password database.

Last edited by mahao_boy; 09-09-2011 at 10:29 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
/etc/nsswitch.conf blackzone Linux - Networking 2 04-04-2006 05:32 PM
LDAP & NSSwitch.conf matarodi Debian 0 09-11-2005 03:10 AM
Active Directory, Kerberos, LDAP, PAM, and nsswitch PenguinPwrdBox Linux - Security 1 06-04-2005 09:56 PM
nsswitch.conf and host.conf differences peter72 Linux - Networking 4 10-23-2004 01:02 AM
nsswitch.conf dunkyb Linux - General 1 04-19-2003 11:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 11:24 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration