1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
Template: libpam-ldap/rootbinddn
Type: string
Default: cn=manager,dc=example,dc=net
_Description: LDAP account for root:
This account will be used when root changes a password.
.
Note: This account has to be a privileged account.
Template: libpam-ldap/rootbindpw
Type: password
_Description: LDAP root account password:
Please enter the password to use when ${package} tries to
login to the LDAP directory using the LDAP account for root.
.
The password will be stored in a separate file ${filename}
which will be made readable to root only.
.
Entering an empty password will re-use the old password.
Template: libpam-ldap/dblogin
Type: boolean
Default: false
_Description: Does the LDAP database require login?
Choose this option if you can't retrieve entries from
the database without logging in.
.
Note: Under a normal setup, this is not needed.
Template: shared/ldapns/base-dn
Type: string
Default: dc=example,dc=net
_Description: Distinguished name of the search base:
Please enter the distinguished name of the LDAP search base. Many sites
use the components of their domain names for this purpose. For example,
the domain "example.net" would use "dc=example,dc=net" as the
distinguished name of the search base.
Template: libpam-ldap/pam_password
Type: select
__Choices: clear, crypt, nds, ad, exop, md5
Default: crypt
_Description: Local crypt to use when changing passwords.
The PAM module can set the password crypt locally when changing the
passwords, this is usually a good choice. By setting this to something
else than clear you are making sure that the password gets crypted in some
way.
.
The meanings for selections are:
.
clear - Don't set any encryptions, this is useful with servers that
automatically encrypt userPassword entry.
.
crypt - (Default) make userPassword use the same format as the flat
filesystem. this will work for most configurations
.
nds - Use Novell Directory Services-style updating, first remove the old
password and then update with cleartext password.
.
ad - Active Directory-style. Create Unicode password and update unicodePwd
attribute
.
exop - Use the OpenLDAP password change extended operation to update the
password.
Template: shared/ldapns/ldap_version
Type: select
Choices: 3, 2
Default: 3
_Description: LDAP version to use:
Please enter which version of the LDAP protocol should be used by
ldapns. It is usually a good idea to set this to the highest
available version number.
Template: libpam-ldap/binddn
Type: string
Default: cn=proxyuser,dc=example,dc=net
_Description: Unprivileged database user:
Please enter the name of the account that will be used to log in to the LDAP
database.
.
Warning: DO NOT use privileged accounts for logging in, the configuration
file has to be world readable.
Template: libpam-ldap/dbrootlogin
Type: boolean
Default: true
_Description: Make local root Database admin.
This option will allow you to make password utilities that use pam, to
behave like you would be changing local passwords.
.
The password will be stored in a separate file which will be made
readable to root only.
.
If you are using NFS mounted /etc or any other custom setup, you should
disable this.
Template: shared/ldapns/ldap-server
Type: string
Default: ldapi:///
_Description: LDAP server Uniform Resource Identifier:
Please enter the URI of the LDAP server used. This is a string in the
form ldap://<hostname or IP>:<port>/ . ldaps:// or ldapi:// can also
be used. The port number is optional.
.
Note: It is usually a good idea to use an IP address; this reduces risks
of failure in the event name service is unavailable.
Template: libpam-ldap/bindpw
Type: password
_Description: Password for database login account:
Please enter the password that will be used to log in to the LDAP database.
Template: libpam-ldap/override
Type: boolean
Default: true
_Description: Make debconf change your config?
libpam-ldap has been moved to use debconf for its configuration. Should
the settings in debconf be applied to the configuration? Package
upgrades will use your answer here going forward.
|
