Satya's blog - LDAP/Kerberos login with local accounts

Sep 27 2009 15:56 LDAP/Kerberos login with local accounts

Suppose your organization uses LDAP authorization, and maybe Kerberos, and you have a Debian-based box with PAM (Pluggable Authentication Modules). Then, in /etc/pam.d/, you need:

# /etc/pam.d/common-auth :
auth    sufficient      pam_unix.so nullok_secure
auth    sufficient      pam_krb5.so use_first_pass
auth    required        pam_deny.so

# /etc/pam.d/common-password :
password   required   pam_unix.so nullok obscure min=8 max=16 md5

# /etc/pam.d/common-session :
session required        pam_unix.so

Only the pam_krb5 line is required; the rest are provided for completeness.
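
To see why this ordering lets local accounts and Kerberos accounts both log in, here is the common-auth stack above walked through a simplified model of the control flags described in pam.conf(5). This is an added example, not part of the original post; parse_stack, evaluate and the outcome maps are hypothetical names and constructed inputs, and nothing in it calls real PAM.

```python
# Simplified model of how libpam walks one PAM stack (control flags per
# pam.conf(5)). Module results are constructed inputs, not real PAM calls.

COMMON_AUTH = """\
auth    sufficient      pam_unix.so nullok_secure
auth    sufficient      pam_krb5.so use_first_pass
auth    required        pam_deny.so
"""

def parse_stack(text, mod_type="auth"):
    """Return [(control, module, options)] for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mod_type:
            stack.append((fields[1], fields[2], fields[3:]))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module name -> True/False; unlisted modules fail and
    pam_deny.so always fails. Returns (granted, modules_consulted)."""
    required_failed = any_success = False
    consulted = []
    for control, module, _options in stack:
        ok = module != "pam_deny.so" and outcomes.get(module, False)
        consulted.append(module)
        if control == "sufficient":
            if ok and not required_failed:
                return True, consulted      # success ends the stack here
        elif control == "requisite":
            if not ok:
                return False, consulted     # failure ends the stack here
            any_success = True
        elif control == "required":
            any_success = any_success or ok
            required_failed = required_failed or not ok
        elif control == "optional":
            any_success = any_success or ok
        else:
            raise ValueError("unsupported control flag: " + control)
    return any_success and not required_failed, consulted

if __name__ == "__main__":
    stack = parse_stack(COMMON_AUTH)
    print("local account:", evaluate(stack, {"pam_unix.so": True}))
    print("Kerberos-only:", evaluate(stack, {"pam_krb5.so": True}))
    print("neither:", evaluate(stack, {}))
```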

Tag: geeky sysadmin