Date:      Sun, 30 Sep 2001 15:33:58 -0400 (EDT)
From:      Joe Clarke <marcus@marcuscom.com>
To:        Gabriel Ambuehl <gabriel_ambuehl@buz.ch>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: pam_ldap and features requiring regular UNIX users...
Message-ID:  <20010930152814.F33801-100000@shumai.marcuscom.com>
In-Reply-To: <183493754271.20010930131207@buz.ch>



On Sun, 30 Sep 2001, Gabriel Ambuehl wrote:

> Hello,
> I wonder whether there's any solution to use either pam_ldap or
> pam_mysql for user management (in a virtualhosting environment, so
> mostly for (S)FTP authentication) and still be able to use the
> benefits that come with the use of traditional /etc/master.passwd
> based users like FS quotas or suexec execution of CGI scripts.
> I for myself don't think there's any way to use those features
> without
> having the respective users in /etc/master.passwd and thus think it
> ain't any good for us, but before I definitely vote against
> the pam against database stuff, I'd like to check whether I'm
> right...

PAM in general is authentication only.  PAM allows you to keep passwords
in a central location.  However, for authorization and accounting, you
still need either a local password file or NIS/YP.  Therefore, all your
users can have a '*' for their password in master.passwd, but they need to
be there.  All your quota, home directories, groups, etc. will be handled
locally.  The only thing PAM will do for you is allow those users to be
authenticated remotely (via LDAP or MySQL).

I ported the pam_ldap module, and use it at home for my network.  It works
well.  The same company that writes pam_ldap, PADL, also has a YP to LDAP
gateway, and an nsswitch library for LDAP (requires -current).  Bill Moran
on this and other FreeBSD lists was wanting to get YP/LDAP working so he
could do authorization as well as authentication with LDAP.  You may want
to search the archives to see if he's posted his progress.

Joe

>
> Any comments would be greatly appreciated.
>
>
>
>
> Best regards,
>  Gabriel
> 
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>


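The local-entry requirement described in the reply above, as an added example that is not part of the original e-mail or of pam_ldap: a Python audit that checks each directory-authenticated user has a master.passwd entry with '*' in the password field and a UID of its own. The user names, UIDs, the sample file and the policy that every such user must carry '*' are assumptions made for illustration.

```python
# Added example (not from the thread): audit local accounts of PAM/LDAP users.

def parse_master_passwd(text):
    """Parse master.passwd(5) text into {name: (password, uid)}.
    Fields: name:password:uid:gid:class:change:expire:gecos:home_dir:shell"""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            raise ValueError(f"expected 10 fields, got {len(fields)}: {raw!r}")
        entries[fields[0]] = (fields[1], int(fields[2]))
    return entries

def audit(directory_users, entries):
    """Return (user, finding) pairs for users authenticated via the directory."""
    findings, uid_owner = [], {}
    for name in sorted(directory_users):
        if name not in entries:
            # No local entry: no UID for quotas, home directory or suexec.
            findings.append((name, "missing-local-entry"))
            continue
        password, uid = entries[name]
        if password != "*":
            # Assumed policy: the password lives only in the directory, so
            # anything other than '*' may be a second, local credential.
            findings.append((name, "local-password-set"))
        if uid in uid_owner:
            # Quotas and suexec key on the UID, so a shared UID merges accounts.
            findings.append((name, f"uid-shared-with-{uid_owner[uid]}"))
        uid_owner.setdefault(uid, name)
    return findings

# Constructed sample data; user names, UIDs and the hash are made up.
SAMPLE = """\
alice:*:2001:2001::0:0:Hosting customer:/home/alice:/bin/sh
bob:$1$constructed$notarealhash:2002:2002::0:0:Hosting customer:/home/bob:/bin/sh
carol:*:2001:2003::0:0:Hosting customer:/home/carol:/bin/sh
"""
DIRECTORY_USERS = ["alice", "bob", "carol", "dave"]

if __name__ == "__main__":
    for user, finding in audit(DIRECTORY_USERS, parse_master_passwd(SAMPLE)):
        print(f"{user}: {finding}")
```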