
Kernel Johnson 03-24-2010 10:19 AM

How to make a unified login? (PAM, LDAP, /etc/shadow, Samba, etc)
Hi folks,

Sitrep, long story short.

Running this software:

Linux 2.6 on a hacked LaCie NetworkSpace
installed SSHd 5.4
installed Samba 3.4
installed lighttpd 1.4
installed ProFTPD 1.3

I want:

Login with my account and same password on all of those. When I use passwd, the change should be reflected on all of them.

I have:

Samba uses encrypted passwords, and I must change passwords for Samba with smbpasswd.

lighttpd uses separate password file, must change by hand.

ProFTPD and SSH use system login (/etc/shadow).

So far I found two possible solutions, but can't tell if I understood them right or how to achieve them:
  1. Use LDAP as auth backend. If I could make LDAP my auth backend, provided this is possible at all, lighttpd would use this directly, and PAM would use it for system login. Nevertheless, actually this can't work as Samba uses encrypted passwords. Correct?
  2. Use Samba password backend, then make LDAP use that. If passwd, login, etc. would use Samba, I would work everywhere with MD4 hashed stuff. Lighttpd would send plain passwords (HTTP basic auth), and query LDAP, which in turn makes an MD4 hash, and tests for Samba's passwd. Will this work?

Please share your thoughts and experience with this issue, I'll be much obliged for your comment and preferably howto links, thanks!

kbp 03-26-2010 02:09 AM

An LDAP server can do this; once PAM is configured to use LDAP, it will be available to any application that uses PAM. The next step would be to check whether the other applications support PAM or not.

