Dear list,
We are using PAM to authenticate posixUsers against OpenLDAP. This
works great, and allows 'local' (ssh) logins. However, we also use LDAP
for a number of other services, including remote access and editing via
other software. This means we would like to keep our users' passwords as
secure as possible, and enforce encrypted logins for all remote hosts.
However, PAM should still be able to authenticate.
The manner of encryption is not really important; it just has to be
strong enough to be useful over the internet, and usable for all (or
most) clients.
We have tried various solutions with ssf directives in
/etc/ldap/slapd.conf as well as the security tls=1 directive. All of
these attempts broke PAM.
Is what we are trying to do possible with OpenLDAP? If so, could
someone maybe point us to an example configuration?
Thank you for your time,
Kasper Loopstra.