[CentOS] Where to find RHDS (Red Hat Directory Server) ?

Wei Yu zig.wei at gmail.com
Wed May 30 06:01:07 UTC 2007


I see.
In summary, PAM is still difficult for using two passwords for two different
ways, right?
I will try to read more about PAM to see if so.
Thanks.


On 5/30/07, Les Mikesell <lesmikesell at gmail.com> wrote:
>
> Wei Yu wrote:
> > Could you give more details? I am not familiar with PAM.
> > I know it can use some "plugged" auth methods to do some job, but I do
> > not know which plug is suitable.
>
> If you are running Centos, all of your system authentication is probably
> being done by PAM for all programs that take a login and password except
> for apache.  If you run 'authconfig' you can set one or more methods
> that are then used by everything.  However, each service may still be
> configured separately.  If you look in the /etc/pam.d directory you will
> see a file for each service that contains the steps to follow.  The
> references to system-auth include the list built by authconfig - but you
> can change it per file if you want.
>
> > What I want is just like Richardson's remarks. I want to use two auth
> > methods for web users and users who can have a shell, which the former
> > will care less about the security of the password. e.g. two different
> > passwords for them.
> > I do want to know if there are better solutions.
>
> If you really want your web access to be separate, PAM may not be the
> way to go.  Apache has a large number of internal authentication and
> authorization modules that can be used instead.  However, if you want to
> combine them, you can install the mod_auth_pam apache module and use a
> /etc/pam.d/httpd file like:
>
> #%PAM-1.0
> auth       required     pam_stack.so service=system-auth
> account    required     pam_permit.so
>
> This uses the set of steps configured by authconfig to check a
> login/password pair but does not require any account info.  In my case I
> have smb authentication against a windows domain plus local linux
> accounts configured for the system. (The local account access requires
> making the /etc/shadow file readable by apache which is a downside).
> This lets anyone in the windows domain log in for web services but
> services like ssh or other login facilities will require account entries
> that won't exist unless I add users to the system.  In the latter case,
> either the domain or local passwords will work.
>
> --
>   Les Mikesell
>    lesmikesell at gmail.com
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Zijing 15# 1404B Tsinghua Univ.
+86 -10 -51537235
Zig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20070530/52c5fcac/attachment.html>


More information about the CentOS mailing list