1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119
|
Template: libpam-ldap/rootbinddn
Type: string
Default: cn=manager,dc=example,dc=net
_Description: LDAP account for root:
This account will be used when root changes a password.
.
Note: This account has to be a privileged account.
Template: libpam-ldap/rootbindpw
Type: password
_Description: LDAP root account password:
Please enter the password to use when ${package} tries to
login to the LDAP directory using the LDAP account for root.
.
The password will be stored in a separate file ${filename}
which will be made readable to root only.
.
Entering an empty password will re-use the old password.
Template: libpam-ldap/dblogin
Type: boolean
Default: false
_Description: Does the LDAP database require login?
Choose this option if you can't retrieve entries from
the database without logging in.
.
Note: Under a normal setup, this is not needed.
Template: shared/ldapns/base-dn
Type: string
Default: dc=example,dc=net
_Description: Distinguished name of the search base:
Please enter the distinguished name of the LDAP search base. Many sites
use the components of their domain names for this purpose. For example,
the domain "example.net" would use "dc=example,dc=net" as the
distinguished name of the search base.
Template: libpam-ldap/pam_password
Type: select
__Choices: clear, crypt, nds, ad, exop, md5
Default: crypt
_Description: Local crypt to use when changing passwords.
The PAM module can set the password crypt locally when changing the
passwords, this is usually a good choice. By setting this to something
else than clear you are making sure that the password gets crypted in some
way.
.
The meanings for selections are:
.
clear - Don't set any encryptions, this is useful with servers that
automatically encrypt userPassword entry.
.
crypt - (Default) make userPassword use the same format as the flat
filesystem. this will work for most configurations
.
nds - Use Novell Directory Services-style updating, first remove the old
password and then update with cleartext password.
.
ad - Active Directory-style. Create Unicode password and update unicodePwd
attribute
.
exop - Use the OpenLDAP password change extended operation to update the
password.
Template: shared/ldapns/ldap_version
Type: select
Choices: 3, 2
Default: 3
_Description: LDAP version to use:
Please enter which version of the LDAP protocol should be used by
ldapns. It is usually a good idea to set this to the highest
available version number.
Template: libpam-ldap/binddn
Type: string
Default: cn=proxyuser,dc=example,dc=net
_Description: Unprivileged database user:
Please enter the name of the account that will be used to log in to the LDAP
database.
.
Warning: DO NOT use privileged accounts for logging in, the configuration
file has to be world readable.
Template: libpam-ldap/dbrootlogin
Type: boolean
Default: true
_Description: Make local root Database admin.
This option will allow you to make password utilities that use pam, to
behave like you would be changing local passwords.
.
The password will be stored in a separate file which will be made
readable to root only.
.
If you are using NFS mounted /etc or any other custom setup, you should
disable this.
Template: shared/ldapns/ldap-server
Type: string
Default: ldapi:///
_Description: LDAP server Uniform Resource Identifier:
Please enter the URI of the LDAP server used. This is a string in the
form ldap://<hostname or IP>:<port>/ . ldaps:// or ldapi:// can also
be used. The port number is optional.
.
Note: It is usually a good idea to use an IP address; this reduces risks
of failure in the event name service is unavailable.
Template: libpam-ldap/bindpw
Type: password
_Description: Password for database login account:
Please enter the password that will be used to log in to the LDAP database.
Template: libpam-ldap/override
Type: boolean
Default: true
_Description: Make debconf change your config?
libpam-ldap has been moved to use debconf for its configuration. Should
the settings in debconf be applied to the configuration? Package
upgrades will use your answer here going forward.
|