ldap
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
ldap [2010/05/22 14:19] – external edit 127.0.0.1 | ldap [2024/01/16 09:21] (current) – removed aorth | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== LDAP Authentication ===== | ||
- | |||
- | |||
- | Using LDAP for authentication against the CGIAR Active Directory for SSH, local and GUI logins to a Linux computer. | ||
- | |||
- | ===== Overview ===== | ||
- | |||
- | * Requirements: | ||
- | Properly configured user accounts in the active directory (UserPrincipalName property in the form username@cgiarad.org) | ||
- | |||
- | * Implementation | ||
- | Authentication on a Linux PC’s is managed by PAM modules (Pluggable Authentication Modules). A special PAM module should be used, configured to test username | ||
- | |||
- | Compiling the sources of the custom LDAP module: | ||
- | |||
- | '' | ||
- | |||
- | Linking the sources | ||
- | |||
- | '' | ||
- | |||
- | The library pam_cgiar_ldap.so must be copied where the other PAM modules are saved, that is: | ||
- | |||
- | ''/ | ||
- | |||
- | on the HPC | ||
- | |||
- | ''/ | ||
- | |||
- | PAM configuration files for each PAM enabled application we want to work with should be configured. | ||
- | |||
- | Remember than when using the pam_cgiar_ldap.so module in the PAM file it cannot be on top of the auth stack. | ||
- | |||
- | For example to use LDAP authentication for SSH logins we shall include into the file / | ||
- | |||
- | |||
- | See document: CGIAR-HPC-COP.doc | ||
- | |||
- | |||
ldap.1274537972.txt.gz · Last modified: 2010/05/22 14:19 by 127.0.0.1