On Jan 13, 2006, at 11:45 AM, Allan Spagnol Comar wrote:
thanks. I believe I am starting to understand this.
I was seeing that ldap can authenticate in a lot of types, like
databases, files, and PAM does some things like that too.... or am I
wrong?
as far as I know you are wrong. ldap is an authentication
mechanism. it stores usernames, passwords, and much more.
hopefully, i'll not screw up this explanation. You sit down to your
computer....you see the login prompt. You type username, it asks for
a password. you give it one. it (the getty program) then passes
those credentials to pam. pam looks in its list of authentication
mechanisms to see in what order you'd like to try to authenticate.
say it's ldap, then nis, then shadow. so it does a query to ldap
using your username as a key to retrieve your encrypted password. it
then compares what returns (assuming you are in the ldap db) with the
encrypted form of what you typed. If it matches, pam checks to see
if that's simply a required authentication, or a sufficient
authentication. it is possible with pam to require more than one
test be passed before saying okay. if more tests are required, or
you don't pass that test, pam goes down its list of other methods.
typically, for instance, root is only in shadow NOT in ldap. so
usually, users are allowed to fail the ldap (or nis) and be checked
against shadow. usually, though, shadow is the authentication method
of last resort. so pam is a framework into which multiple
authentication methods can snap.
On 1/13/06, John Jolet <[EMAIL PROTECTED]> wrote:
On Jan 13, 2006, at 11:03 AM, Allan Spagnol Comar wrote:
Hi, I don't know if this is a valid question, or I am making a big
mess, but I was wondering which authentication method is better, ldap
or pam. I would like to know too if it is possible to use both.
ldap is one of the methods that can (p)lug in to pam (pluggable
authentication method...)
thanks.
--
An application asked:
"Requires Windows 9x, NT4 or better",
so I've installed Linux
--
gentoo-user@gentoo.org mailing list
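
The stack walk described in the thread (ldap, then nis, then shadow, with "required" and "sufficient" tests), as an added example that is not part of the original messages. It models Linux-PAM's `required` and `sufficient` control flags in Python; the backends, users, passwords and salt are constructed, and the PBKDF2 hash is an assumed stand-in for whatever stored password format a real backend uses.

```python
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # constructed; real stores use a random salt per user

def hash_password(password):
    # Stand-in for the stored "encrypted password" the thread mentions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed backends: root exists only in shadow, as in the thread.
BACKENDS = {
    "ldap":   {"alice": hash_password("alice-pw")},
    "nis":    {"bob": hash_password("bob-pw")},
    "shadow": {"root": hash_password("root-pw")},
}

def module_ok(backend, user, password):
    stored = BACKENDS[backend].get(user)
    return stored is not None and hmac.compare_digest(stored, hash_password(password))

def authenticate(stack, user, password):
    """Evaluate (control, backend) pairs with Linux-PAM's 'required' and
    'sufficient' semantics. Returns (granted, backends_consulted)."""
    required_failed = False
    any_success = False
    consulted = []
    for control, backend in stack:
        consulted.append(backend)
        ok = module_ok(backend, user, password)
        if control == "sufficient":
            if ok and not required_failed:
                return True, consulted      # stop here, later modules never run
            # a failed 'sufficient' module is ignored and the walk continues
        elif control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True      # remembered, but the stack keeps running
        else:
            raise ValueError(f"unsupported control flag: {control}")
    return (any_success and not required_failed), consulted

# Order from the thread: ldap, then nis, then shadow as the last resort.
STACK = [("sufficient", "ldap"), ("sufficient", "nis"), ("required", "shadow")]

if __name__ == "__main__":
    for user, pw in [("alice", "alice-pw"), ("root", "root-pw"), ("alice", "wrong")]:
        print(user, authenticate(STACK, user, pw))
```

Order matters: with a `required` module listed ahead of a `sufficient` one, a failure in the first denies the login even when the second accepts the password.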