Configuring LDAP Client Access
Okay, so I had originally asked a question about setting up LDAP, but I answered it my self. It was a long and detailed question, so I thought I'd shorten it up. My question was the following:
When setting up an LDAP server, do you need to edit /etc/pam.d/* configuration files on the client or server side?
After reading about PAM, it appears to me that this would be configured on the client side. I believe when the client runs a PAM-aware application, it checks it's PAM configuration file in /etc/pam.d and sees what it will use for authentication. You add the LDAP service to the configuration as sufficient so that it uses LDAP first for authentication and if it fails, goes onto to the next process of authentication. If it passes, it is considered sufficient enough authentication and gives access to the system.
I'm going to test it now. If anyone has a different answer or something to add, please do!