Let's Sign the petition today.

Disconnected Authentication on Debian Etch

If you authenticate against a centralized authentication tool (ldap, kerberos..) You need to configure it to be able to authenticate "offline"

packages required: libpam-ccreds, nss-updatedb

Work in progress... ;)

LDAP offine authentication

/etc/pam.d/common-account

account sufficient      pam_unix.so nullok_secure
account sufficient      pam_ldap.so
account required        pam_permit.so

/etc/pam.d/common-auth

auth    [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass
auth    [default=done]  pam_ccreds.so action=validate use_first_pass
auth    [default=done]  pam_ccreds.so action=store use_first_pass
auth    [default=bad]  pam_ccreds.so action=update use_first_pass

/etc/pam.d/common-password ; /etc/pam.d/common-session

#see pam_ldap.conf(5) manpage and documentation in /usr/share/doc/libpam-ldap

/etc/pam.d/gnome-screensaver

gnome-screenvaver won't let you unlock you computer with default configuration.

#First,let's disable the default:  @include common-auth
auth    sufficient      pam_unix.so
auth    [authinfo_unavail=ignore success=done] pam_ldap.so use_first_pass
auth    [default=done]  pam_ccreds.so action=validate use_first_pass

Kerberos offine authentication

Probably similar... Needs testing

keywords : disconnected,offline,network,LDAP,kerberos
Author: Franklin PIAT - Last-Modified : Thu, 2007-03-22 08:14:27 GMT