Differences

This shows you the differences between two versions of the page.

--- ldap [2009/08/17 06:03]
172.26.0.166
+++ ldap [2010/05/22 14:19] (current)
@@ Line 1: / Line 1: @@
-**LDAP Authentication**
+===== LDAP Authentication =====
@@ Line 7: / Line 7: @@
   * Requirements:
-Unordered List Item
 Properly configured user accounts in the active directory (UserPrincipalName property in the form username@cgiarad.org)
   * Implementation
 Authentication on a Linux PC’s is managed by PAM modules (Pluggable Authentication Modules). A special PAM module should be used, configured to test username  an password credentials against an Active Directory domain controller. An PAM module of that sort has been implemented by CIP for authenticating users to the HPC.
+Compiling the sources of the custom LDAP module:
+''gcc -fPIC  -c pam_cgiar_ldap.c''
+Linking the sources
+''ld -x --shared -o pam_cgiar_ldap.so pam_cgiar_ldap.o –lldap''
+The library pam_cgiar_ldap.so must be copied where the other PAM modules are saved, that is:
+''/lib/security''
+on the HPC
+''/lib64/security''
+PAM configuration files for each PAM enabled application we want to work with should be configured.
+Remember than when using the pam_cgiar_ldap.so module in the PAM file it cannot be on top of the auth stack.
+For example to use LDAP authentication for SSH logins we shall include into the file /etc/pam.d/sshd  a call to our custom PAM module.
 See document: CGIAR-HPC-COP.doc

ILRI Research Computing