pam_ldap
The Pluggable Authentication Modules (PAM) handle user authentication for most Linux services. The pam_ldap module makes it possible to store passwords, user accounts, UNIX groups and other data relevant to access rights in the LDAP database.
To compile pam_ldap, see the sections nss_ldap-207 and pam_ldap-164 in the script COMPILE-MYLINUX. The patch nss_ldap.patch relaxes an overly strict check in the "configure" script: myLinux ships newer versions of aclocal and automake than the "configure" script requires. The version check is therefore switched off.
Connection to LDAP
The connection between pam_ldap and nsswitch (name service switch) is made by the file /etc/ldap.conf. This file is only a link to /etc/openldap/ldap.conf, which configures the OpenLDAP client tools (ldapsearch, ldapadd, ldapdelete, etc.).
The file /etc/nsswitch.conf specifies which databases of the name service switch are switched over to LDAP. The entries take the form "files ldap", i.e. the original configuration files /etc/passwd, /etc/shadow and /etc/group are queried first, and only if no entry is found there is the query passed on to OpenLDAP.
Connection to the services
The authentication of individual services is controlled by configuration files in the /etc/pam.d directory. Most of these files largely correspond to the files shipped with pam_ldap, apart from commented-out calls to cracklib and pwdb (neither is installed at present).
There are adjustments in the files for the mail system, the web server and the Secure Shell. There are two different policies, represented by /etc/pam.d/pop and /etc/pam.d/sshd. The first guarantees that only LDAP users can authenticate, but not users from the UNIX password system /etc/passwd, such as the privileged system users (root etc.). In addition, no UNIX session is permitted, only authentication; mail and web services need nothing more.
The file for the Secure Shell, /etc/pam.d/sshd, by contrast also allows system users from /etc/passwd to log in and open a UNIX session.
The file /etc/pam.d/pop is responsible for a whole set of services; for this purpose it is linked several times. See also the output of the command ls -l /etc/pam.d/.
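One way to check which of the two policies each file in /etc/pam.d implements, as an added example that is not part of myLinux or pam_ldap: the script reports per service file whether authentication uses LDAP only or also the UNIX password files, whether a session stack is present, and where a link points. The sample file contents and the service name imap are constructed for illustration and are not the myLinux originals.

```shell
#!/bin/sh
# classify FILE: print the auth sources and whether a session stack exists.
classify() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        $1 == "auth" && /pam_ldap/         { ldap = 1 }
        $1 == "auth" && /pam_(unix|pwdb)/  { sys = 1 }
        $1 == "session" && !/pam_deny/     { sess = 1 }
        END {
            src = "none"
            if (ldap && sys) src = "ldap+unix"
            else if (ldap)   src = "ldap-only"
            else if (sys)    src = "unix-only"
            print src, (sess ? "session" : "nosession")
        }' "$1"
}

# audit DIR: one line per service file, with the link target if it is a symlink.
audit() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        line="$(basename "$f") $(classify "$f")"
        if [ -L "$f" ]; then line="$line -> $(readlink "$f")"; fi
        echo "$line"
    done
}

# Constructed sample files modelled on the two policies described above.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/pop" <<'EOF'
# mail/web policy: LDAP users only, authentication only
auth     required    pam_ldap.so
account  required    pam_ldap.so
EOF
cat > "$demo/sshd" <<'EOF'
# login policy: system users and LDAP users, with a UNIX session
auth     sufficient  pam_unix.so
auth     required    pam_ldap.so use_first_pass
account  sufficient  pam_unix.so
account  required    pam_ldap.so
session  required    pam_unix.so
EOF
ln -s pop "$demo/imap"   # hypothetical service name sharing the pop policy
audit "$demo"
```

On a real system, call audit /etc/pam.d; any mail or web service that shows "ldap+unix" or "session" deviates from the LDAP-only policy.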