[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OATH-Toolkit-help] pam_oath and pam_ldap together?
From: |
Simon Josefsson |
Subject: |
Re: [OATH-Toolkit-help] pam_oath and pam_ldap together? |
Date: |
Tue, 19 May 2015 12:25:50 +0200 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4 (gnu/linux) |
Patrick Proniewski <address@hidden> writes:
> Hello,
>
> I'm absolute beginner with OAth, I've installed the freebsd package
> few hours ago, and started playing and google immediately.
>
> I have a bunch of Linux/FreeBSD servers that are bound to a LDAP
> server for sysadmin and users authentication, using pam_ldap. I would
> like to add a layer of security on top of that with pam_oath, but I'm
> pretty sure it won't be that easy, as I have not found a single
> example of such a configuration.
>
> Is it possible to authenticate on a server through pam_ldap (non-local
> users) with the added security of pam_oath?
Hi. Sorry for slow response. No, not to my knowledge. A lot of PAM
modules include LDAP support natively to adress this use-case. It is
similar for validating the password-part, libpam-oath takes over this
role and does it poorly.
If someone know how to configure PAM to acomplish something better,
please share.
I suppose that supporting LDAP directly in the PAM module is ineviteble,
even though I don't look forward to maintaining that code.
/Simon
signature.asc
Description: PGP signature
- Re: [OATH-Toolkit-help] pam_oath and pam_ldap together?,
Simon Josefsson <=