| 1 |
On Jan 13, 2006, at 11:45 AM, Allan Spagnol Comar wrote: |
| 2 |
|
| 3 |
> thanks. I believe I am starting to understand this. |
| 4 |
> |
| 5 |
> I was seeing that ldap can authenticate in a lot of types, like , |
| 6 |
> databases, files, and PAM do some things like that too.... or am I |
| 7 |
> wrong ? |
| 8 |
> |
| 9 |
as far as I know you are wrong. ldap is an authentication |
| 10 |
mechanism. it stores usernames, passwords, and much more. |
| 11 |
hopefully, i'll not screw up this explanation. You sit down to your |
| 12 |
computer....you see the login prompt. You type username, it asks for |
| 13 |
a password. you give it one. it (the getty program) then passes |
| 14 |
those credentials to pam. pam looks in it's list of authentication |
| 15 |
mechanisms to see in what order you'd like to try to authenticate. |
| 16 |
say it's ldap, then nis, then shadow. so it does a query to ldap |
| 17 |
using your username as a key to retrieve your encrypted password. it |
| 18 |
then compares what returns (assuming you are in the ldap db) with the |
| 19 |
encrypted form of what you typed. If it matches, pam checks to see |
| 20 |
if that's simply a required authentication, or a sufficient |
| 21 |
authentication. it is possible with pan to require more than one |
| 22 |
test be passed before saying okay. if more tests are required, or |
| 23 |
you don't pass that test, pam goes down it's list of other methods. |
| 24 |
typically, for instance, root is only in shadow NOT in ldap. so |
| 25 |
usually, users are allowed to fail the ldap (or nis) and be checked |
| 26 |
against shadow. usually, though, shadow is the authentication method |
| 27 |
of last resort. so pam is a framework into which multiple |
| 28 |
authentication methods can snap. |
| 29 |
> On 1/13/06, John Jolet <john@×××××.net> wrote: |
| 30 |
>> |
| 31 |
>> On Jan 13, 2006, at 11:03 AM, Allan Spagnol Comar wrote: |
| 32 |
>> |
| 33 |
>>> Hi, I don´t know if this is a valid question, or I am making a big |
| 34 |
>>> mess, but I was wondering witch autentication method is better, ldap |
| 35 |
>>> or pam. I would like to know too if is possible to use bouth. |
| 36 |
>>> |
| 37 |
>> ldap is one of the methods that can (p)lug in to pam (pluggable |
| 38 |
>> authentication method...) |
| 39 |
>> |
| 40 |
>>> thanks. |
| 41 |
>>> -- |
| 42 |
>>> An application asked: |
| 43 |
>>> "Requeires Windows 9x, NT4 or better", |
| 44 |
>>> so I´ve installed Linux |
| 45 |
>>> |
| 46 |
>>> -- |
| 47 |
>>> gentoo-user@g.o mailing list |
| 48 |
>>> |
| 49 |
>> |
| 50 |
>> |
| 51 |
>> -- |
| 52 |
>> gentoo-user@g.o mailing list |
| 53 |
>> |
| 54 |
>> |
| 55 |
> |
| 56 |
> |
| 57 |
> -- |
| 58 |
> An application asked: |
| 59 |
> "Requeires Windows 9x, NT4 or better", |
| 60 |
> so I´ve installed Linux |
| 61 |
> |
| 62 |
> -- |
| 63 |
> gentoo-user@g.o mailing list |
| 64 |
> |
| 65 |
|
| 66 |
|
| 67 |
-- |
| 68 |
gentoo-user@g.o mailing list |
Archives