Configuring the NSS and PAM libraries
How to use the LDAP database to authenticate users on a Linux system.
Edit the /etc/nsswitch.conf file and change the passwd, shadow and group entries from the SSSD daemon (sss):
passwd: files sss
shadow: files sss
group: files sss
to LDAP (ldap):
passwd: files ldap
shadow: files ldap
group: files ldap
To configure the PAM libraries, edit the /etc/pam.d/system-auth and /etc/pam.d/password-auth files and add the pam_krb5.so library entries:
auth sufficient pam_krb5.so use_first_pass
...
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
...
password sufficient pam_krb5.so use_authtok
...
session optional pam_krb5.so
Note: Remove the entries for the SSSD libraries (pam_sss.so).
For additional information on Red Hat integration, see Integrating Red Hat Enterprise Linux 6 with Active Directory.
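A check for the edits above, written as an added example (not part of the original page or of Red Hat's documentation): it confirms that passwd, shadow and group list ldap instead of sss, and that a PAM file has a pam_krb5.so entry for each module type with no pam_sss.so left. The function names and the sample files built in demo are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit the NSS and PAM edits.
# nss_ok FILE: passwd, shadow and group must list "ldap" and no longer "sss".
nss_ok() {
    rc=0
    for db in passwd shadow group; do
        src=$(awk -v db="$db:" '{ sub(/#.*/, "") } $1 == db { $1 = ""; print; exit }' "$1")
        case " $src " in *" ldap "*) ;; *) echo "$1: $db: ldap missing"; rc=1 ;; esac
        case " $src " in *" sss "*) echo "$1: $db: sss still listed"; rc=1 ;; esac
    done
    return "$rc"
}

# pam_ok FILE: each module type needs a pam_krb5.so entry; pam_sss.so must be gone.
pam_ok() {
    rc=0
    for kind in auth account password session; do
        awk -v k="$kind" '{ sub(/#.*/, ""); t = $1; sub(/^-/, "", t) }
            t == k && /pam_krb5\.so/ { found = 1 }
            END { exit !found }' "$1" || { echo "$1: $kind: pam_krb5.so missing"; rc=1; }
    done
    if awk '{ sub(/#.*/, "") } /pam_sss\.so/ { hit = 1 } END { exit !hit }' "$1"; then
        echo "$1: pam_sss.so still present"; rc=1
    fi
    return "$rc"
}

# Constructed sample (not from a real host): a half-finished edit, with one
# NSS database still on sss and one leftover pam_sss.so line.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'passwd: files ldap' 'shadow: files ldap' 'group: files sss' > "$d/nsswitch.conf"
    printf '%s\n' 'auth sufficient pam_krb5.so use_first_pass' \
        'account [default=bad success=ok user_unknown=ignore] pam_krb5.so' \
        'password sufficient pam_krb5.so use_authtok' \
        'session optional pam_krb5.so' 'session optional pam_sss.so' > "$d/system-auth"
    n=0; p=0
    nss_ok "$d/nsswitch.conf" || n=1
    pam_ok "$d/system-auth" || p=1
    rm -rf "$d"
    return $((n + p))   # 2 here: both sample files fail
}

# With file arguments, audit real files: nsswitch.conf first, then PAM files.
if [ "$#" -ge 2 ]; then
    nss_ok "$1" || status=1; shift
    for f in "$@"; do pam_ok "$f" || status=1; done
    exit "${status:-0}"
fi
```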