Authentication and Services
The authentication method can be specified for a given service in the serviceAuthenticationMethod attribute. The following services currently support this.
-
passwd-cmd
This service is used bypasswd(1) to change the login password and password attributes.
-
keyserv
This service is used by thechkey(1) and newkey(1M) utilities to create and change a user's Diffie-Hellman key pair.
-
pam_ldap
This service is used for authenticating users with pam_ldap.
Note –
If the service does not have a serviceAuthenticationMethod set, it will default to the value of the authenticationMethod attribute.
The following example shows a section of a client profile in which the users will use sasl/digest-MD5 to authenticate to the directory server, but will use an SSL session to change their password.
serviceAuthenticationMethod=pam_ldap:sasl/digest-MD5 serviceAuthenticationMethod=passwd-cmd:tls:simple |
- © 2010, Oracle Corporation and/or its affiliates