pam_ldap module provides the means for Solaris and Linux servers and workstations to authenticate against LDAP directories, and to change their passwords in the directory.
Here are some key features of "pam ldap":
· Uses the Pluggable Authentication Module API defined in OSF DCE RFC 86.0.
· Can utilize transport layer security (such as SSL or TLS) to encrypt transactions between the workstation and the LDAP server and provide strongly authenticated sign-on
· Support for SASL interactive authentication for strong authentication without the overhead of SSL/TLS
· Shares configuration information with nss_ldap module
· Supports PADL NIS/LDAP Gateway locator for finding LDAP servers
· Supports Netscape and IETF password policies
· Supports host- and group-based logon authorization
· AIX 5L
· FreeBSD 3.x and above
· HP-UX 11i
· Solaris 2.6 and above
In addition, pam_ldap requires an LDAP client library, and (optionally) a SASL library compatible with the Cyrus SASL API.