X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=etc%2Fpam.d%2Fcommon-ldap;fp=etc%2Fpam.d%2Fcommon-ldap;h=3ba453ba40f5df27c0cb305fac830f1559897ca9;hb=db893de87844a32d12a67bc1077af3d89ba002c3;hp=0000000000000000000000000000000000000000;hpb=f0a96880c0310f312ad7c08653178cdeedf69c6d;p=matthijs%2Fservers%2Ftika.git
diff --git a/etc/pam.d/common-ldap b/etc/pam.d/common-ldap
new file mode 100644
index 0000000..3ba453b
--- /dev/null
+++ b/etc/pam.d/common-ldap
@@ -0,0 +1,37 @@
+# /etc/pam.d/common-ldap - settings for ldap
+#
+# This file setups up auth for ldap users, but account, session and password
+# for all users.
+#
+# This file is included from other service-specific PAM config files and
+# contains the modules needed to get ldap users for all four sections.
+
+
+# Do authentication for LDAP users
+auth required pam_ldap.so
+
+# pam_unix does general checks based on NSS info, so it also works for ldap
+# users.
+account required pam_unix.so
+
+# pam_ldap does additional checks (in particular checking the host ldap
+# attribute) but needs to be ignored when it does not know about a user.
+account [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=ignore default=bad] \
+ pam_ldap.so
+
+
+password sufficient pam_unix.so obscure sha512
+password sufficient pam_ldap.so
+password required pam_deny.so
+
+# Set resource limits from /etc/security/limits.conf
+session required pam_limits.so
+
+# Write logins to syslog
+session required pam_unix.so
+
+# Tell pam_ldap about sessions as well, though it does not currently do
+# anything.
+session required pam_ldap.so
+
+#session required pam_mkhomedir.so skel=/etc/skel umask=0022
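Review bot: The pam_ldap.so account line sends every return code it does not list to `default=bad`, and since the header says the account section applies to all users, an unreachable directory would probably fail the account phase for local accounts such as root too. Adding `authinfo_unavail=ignore` would avoid that lockout, but it would also skip the host-attribute check whenever the server cannot be reached. Whichever way is chosen should be recorded above the line, for example `# LDAP outage fails closed on purpose; recovery is via <break-glass path>`. Separately, the `obscure` strength check sits only on the pam_unix.so password line and pam_ldap.so is given no `use_authtok`, so password changes for LDAP users appear to rely on server-side policy alone; a comment saying so would help the next maintainer.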