On 2/24/22 08:37, Ulrich Windl wrote:
As the "pam_" prefix might indicate, try "man
Features of the PADL pam_ldap
Note that there are two different pam_ldap modules out there:
1. The ancient unmaintained PADL modules which directly send LDAP
operations and are generally *not recommended* to be used nowadays.
2. The small PAM front-end module of nss-pam-ldapd which pass PAM
requests to a long-running aka nslcd over a Unix domain socket.
Basically when integrating NSS and PAM one has to choose which service
to use for the integration: nss-pam-ldapd or sssd, both with their own
NSS/PAM front-end modules.
P.S.: Yes, I have to admit I forgot in my former e-mail that passwd(1)
sends password change requests via PAM. But I'd strongly recommend to
not use that anyway.