Re: ldap user authentication, PAM and chsh (change shell): how to make it work?
On Saturday, December 15, 2018 06:18:49 PM Ryan Tandy wrote:
On Fri, Dec 14, 2018 at 03:24:17PM -0500, Jean-Francois Malouin
wrote:
>I'm using libnss-ldap along with pam-ldap on Ubuntu and Debian clients.
I have not tried this myself, but recent versions of nss-pam-ldapd
appear to include a 'chsh.ldap' command in the nslcd-utils package.
However it looks like that would require you to be using libnss-ldapd
and libpam-ldapd with nslcd, rather than the old libnss-ldap and
libpam-ldap.
It is probably not a good idea to do chsh in a LDAP controlled site in the first
place. What if the user chsh into
something not installed on every host, then realize she cannot login anymore?
local chsh at least is protected by the local /etc/shells. It is probably simpler and
safer
to have a line of "exec zsh --login" in their .profile file
--
Derek Zhou