This screencast continues on with the ldap server we setup in the previous screencast, but this time we will configure another server (client.test.net) to authenticate its users against our LDAP. This is a concept known as centralised user authentication, where by we can store all our users and their credentials on one server. The screencast is basically a walk through of the changes that need to be made to PAM (pluggable authentication modules) which Linux uses to determine how users should be authenticated when logging in.
I have to apologise for the screw up at the end. I had changed my example users password and forgotten about it until I came to do the screencast, hopefully you’ll get the idea.
Note: If you haven’t come across PAM before it is advisable to have a quick skim though this very good introduction before trying to configure PAM.
apt-get install libpam-ldap nscd cd /etc/ emacs nsswitch.conf change: passwd: ldap compat group: ldap compat shadow: ldap compat cd /etc/pam.d/ edit each of the following files... * common-auth (edit) auth [success=1 default=ignore] pam_unix.so nullok_secure (add) auth required pam_ldap.so use_first_pass (add) auth required pam_permit.so * common-account (edit) account sufficient pam_unix.so (add) account required pam_ldap.so * common-session (add) session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 * common-password (edit) password sufficient pam_unix.so nullok obscure md5 (add) password required pam_ldap.so invoke-rc.d nscd restart