On 13 Jan 2006, at 17:45, Allan Spagnol Comar wrote:
Thanks. I believe I am starting to understand this. I was seeing that LDAP can authenticate in a lot of types, like databases, files, and PAM does some things like that too... or am I wrong?
Yes, pretty much. But they're often structured at different layers - a service might call PAM for authentication which might then call LDAP, I think.
PAM allows you to specify multiple authentication sources - such as /etc/passwd, other flat files, or perhaps using WinBind to talk to a Windows Domain Controller. PAM is extremely flexible in managing these sources - I think, for example, it could require the username to be in one source but then authenticate the username:password against another source, or it can allow a user to log in via any one of multiple authentication mechanisms.
LDAP authentication allows your users to log in against a centralised database - the service they're logging into authenticates against the LDAP server. I don't really know much about LDAP and how it's managed but it offers centralised single sign-on that PAM alone can't offer (although PAM could certainly be a _part_ of that).
Stroller.
--
gentoo-user@gentoo.org mailing list
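
The layering described in the message above, sketched as a PAM `auth` stack. This is an added example, not part of the original post or written by its author; the service file name and the allow-list path are hypothetical, and it assumes the `pam_ldap` module is installed and configured.

```conf
# /etc/pam.d/example-service   (hypothetical service name)
#
# Step 1: the username must appear in one source, a flat-file allow list.
# "requisite" stops the stack immediately on failure, so a user who is not
# listed is rejected before any password source is consulted.
# onerr=fail makes a missing or unreadable list fail closed.
auth  requisite   pam_listfile.so item=user sense=allow file=/etc/security/example-allowed-users onerr=fail

# Step 2: the password may be verified by any one of several sources.
# "sufficient" ends the stack with success as soon as one module accepts
# the credentials; a failure here is ignored and the next module is tried.
auth  sufficient  pam_unix.so               # local /etc/passwd and /etc/shadow
auth  sufficient  pam_ldap.so use_first_pass # central LDAP directory, reusing
                                             # the password already entered

# Step 3: fail closed. If no "sufficient" module succeeded, pam_deny.so
# always fails, so the stack can never fall through to success.
auth  required    pam_deny.so
```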