1. Forum
  2. Usenet
  3. LINUX.GENTOO.USER

  • [gentoo-user] where is pam_ldap now?

    From Evgeny Bushkov@21:1/5 to All on Wed Nov 13 14:50:02 2024
    Hi ,

    somehow my ldap user became blocked from access to a ssh-server. It
    turns out pam can't find pam_ldap.so module anymore. Yes I remember I
    removed it at recent 'emerge --depclean' session but the portage tree
    doesn't have it anymore. I wonder where is sys-auth/pam_ldap now?
    There's no mentioning in news nor in web search. I managed to restore
    pam_ldap module from packages but now I'm in need for more reliable
    decision.

    Best regards,
    Evgeny.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Michael@21:1/5 to All on Wed Nov 13 15:14:27 2024
    On Wednesday 13 November 2024 15:12:06 GMT Eli Schwartz wrote:
    On 11/13/24 8:48 AM, Evgeny Bushkov wrote:
    Hi ,

    somehow my ldap user became blocked from access to a ssh-server. It
    turns out pam can't find pam_ldap.so module anymore. Yes I remember I removed it at recent 'emerge --depclean' session but the portage tree doesn't have it anymore. I wonder where is sys-auth/pam_ldap now?
    There's no mentioning in news nor in web search. I managed to restore pam_ldap module from packages but now I'm in need for more reliable decision.

    pam_ldap was masked and last rited on August 8, and deleted from

    ::gentoo on September 13. It wouldn't have been in the news.

    Here is the announcement:

    https://public-inbox.gentoo.org/gentoo-dev-announce/7f786219-b478-46b2-ab5c-> d2a805727063@gentoo.org/

    The recommended replacement was nss-pam-ldapd.

    You can keep using pam_ldap if you prefer, from a local overlay.

    The wiki suggests 'sys-auth/sssd' as a more recent alternative:

    https://wiki.gentoo.org/wiki/ Centralized_authentication_using_OpenLDAP#Configuring_SSSD

    https://packages.gentoo.org/packages/sys-auth/sssd

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEEXqhvaVh2ERicA8Ceseqq9sKVZxkFAmc0wlMACgkQseqq9sKV ZxlglxAAj+Oe/8eJJlPvqSkh9UUi57wKgF0FknwNiMA4aTiV7BhqottOgFejzKQF jsbzXxB0F8LWUFYz8Xy/K+wtr8pGZJMNfw/euaMVyHq1KhNvQBPHnu7vafjvTioN Y8Z/K1XSOzIY6b5VIJ4+/NERUl30PEBvcl+lrNV+6Qyz6EnZFys0RuesIMo3cb8X lHJJCIpahPc9jr/0U20usdtCazpssNlKPnMsoW6oDkj5T/Z93G8TIHyNRwoVi2yR e7Uu3E105tXicOepnWYTFiALfCt7ycCu3pqd0gjRcYLHswoW32Bj37OazOhDYGTi AEoTlNmrxUzJ8eKrgngGKL6raAknOrl+xne0I9WTdjkbPYh7/2pH1L7F+xZxBk34 BZhDyXSCMrRRDbpwG+0e+FX6oskNPrKEMhC0J+pYLa8Zn+Gf1VKeuu2EnA97Bi9T C+QbtkeVQTKcjUMbpXwNPIiBFgjYxBN1NrFWAOaQLl3nVKmHLcnBw/7YYO8yXGp+ sAwIwLgaKBtNg/zYDRl2hXWt0cI+biZqgnBRIaEvwtrSryKudFMDA5kJzbowlUmJ eAKh9C4q98Gk9bx3q0Txdjk/dBjRu+Hbz6hYZP4I+d3vkDxuPvHPEwX61kCxnItI bUXUIifyyuQ4031vjfPYzrrkbBSyjpiFqtffyeEVir/c5OHQvx4=
    =pGed
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Eli Schwartz@21:1/5 to Michael on Wed Nov 13 16:30:02 2024
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------GQS05eArp51fm9skhMt7rsQR
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: quoted-printable

    On 11/13/24 10:14 AM, Michael wrote:
    On Wednesday 13 November 2024 15:12:06 GMT Eli Schwartz wrote:
    The recommended replacement was nss-pam-ldapd.

    You can keep using pam_ldap if you prefer, from a local overlay.

    The wiki suggests 'sys-auth/sssd' as a more recent alternative:


    Sure. sssd is a good idea for a modern replacement for configuring LDAP
    users. But nss-pam-ldapd might be considered more desirable for previous
    users of pam_ldap who are looking for a replacement that is relatively equivalent, particularly in terms of being lightweight.

    My gut feeling is that anyone who wanted to use pam_ldap in the first
    place would rather avoid sssd if it's possible to use nss-pam-ldapd. Personally, I would just use sssd, but that is me personally...


    --
    Eli Schwartz

    --------------GQS05eArp51fm9skhMt7rsQR--

    -----BEGIN PGP SIGNATURE-----

    wnsEABYIACMWIQTnFNnmK0TPZHnXm3qEp9ErcA0vVwUCZzTE1gUDAAAAAAAKCRCEp9ErcA0vV7S/ AP95yz3kdSX6Z5swe/UpCH5+gRgSProAYD/vFWUn0ndwigEAk11sEFHbrolt8/sFtiea5OsXUWJS yISIiqGA6cfoKws=
    =/h8w
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Evgeny Bushkov@21:1/5 to Michael on Wed Nov 13 16:40:01 2024
    On 13.11.2024 18:14, Michael wrote:
    On Wednesday 13 November 2024 15:12:06 GMT Eli Schwartz wrote:
    On 11/13/24 8:48 AM, Evgeny Bushkov wrote:
    Hi ,

    somehow my ldap user became blocked from access to a ssh-server. It
    turns out pam can't find pam_ldap.so module anymore. Yes I remember I
    removed it at recent 'emerge --depclean' session but the portage tree
    doesn't have it anymore. I wonder where is sys-auth/pam_ldap now?
    There's no mentioning in news nor in web search. I managed to restore
    pam_ldap module from packages but now I'm in need for more reliable
    decision.
    pam_ldap was masked and last rited on August 8, and deleted from

    ::gentoo on September 13. It wouldn't have been in the news.

    Here is the announcement:

    https://public-inbox.gentoo.org/gentoo-dev-announce/7f786219-b478-46b2-ab5c-> d2a805727063@gentoo.org/

    The recommended replacement was nss-pam-ldapd.

    You can keep using pam_ldap if you prefer, from a local overlay.
    The wiki suggests 'sys-auth/sssd' as a more recent alternative:

    https://wiki.gentoo.org/wiki/ Centralized_authentication_using_OpenLDAP#Configuring_SSSD

    https://packages.gentoo.org/packages/sys-auth/sssd

    Thanks! I'll take a look at manuals and choose sssd or nss-pam-ldapd for substitution of pam_ldap.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Eli Schwartz@21:1/5 to Evgeny Bushkov on Wed Nov 13 16:20:01 2024
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------0q050HadcG8JezKdGdDndK1T
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: quoted-printable

    On 11/13/24 8:48 AM, Evgeny Bushkov wrote:
    Hi ,

    somehow my ldap user became blocked from access to a ssh-server. It
    turns out pam can't find pam_ldap.so module anymore. Yes I remember I
    removed it at recent 'emerge --depclean' session but the portage tree
    doesn't have it anymore. I wonder where is sys-auth/pam_ldap now?
    There's no mentioning in news nor in web search. I managed to restore pam_ldap module from packages but now I'm in need for more reliable
    decision.


    pam_ldap was masked and last rited on August 8, and deleted from
    ::gentoo on September 13. It wouldn't have been in the news.


    Here is the announcement:

    https://public-inbox.gentoo.org/gentoo-dev-announce/7f786219-b478-46b2-ab5c-d2a805727063@gentoo.org/

    The recommended replacement was nss-pam-ldapd.

    You can keep using pam_ldap if you prefer, from a local overlay.


    --
    Eli Schwartz

    --------------0q050HadcG8JezKdGdDndK1T--

    -----BEGIN PGP SIGNATURE-----

    wnsEABYIACMWIQTnFNnmK0TPZHnXm3qEp9ErcA0vVwUCZzTBxgUDAAAAAAAKCRCEp9ErcA0vVz4u AP9QOuu4t6UIzQ+HoiEjEyQpZHh2An8wTWb2hkk4+xdj1QEAon3jq9lsGo9LYtTRApts2PUoAA9Z 4zl5Gcg6hcSTcgU=
    =EPs5
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)