Date: Wed, 26 Mar 2003 09:01:52 -0600
From: "Jacques A. Vidrine"
To: omestre@freeshell.org
cc: freebsd-hackers@freebsd.org
Subject: Re: pam_ldap...
Message-ID: <20030326150152.GG33671@madman.celabo.org>
In-Reply-To: <20030326124420.388DE10160@ws-tor-0004.procergs>

On Wed, Mar 26, 2003 at 09:44:14AM -0300, omestre@freeshell.org wrote:
>
> Thanks for the answers, but why pam_ldap in FreeBSD, if i
> can't authenticate in ldap servers?

You _can_ authenticate.  Pluggable _Authentication_ Modules (PAM).
In the PAM model, authenticating is more or less just the act of
confirming a username and password.

> Sorry, but i can't understand...

The part you are missing is that before you can authenticate, you must
have account and authorization information.  For UNIX services, this
means that e.g. getpwnam() needs to find you.  This is the job that
NSS does.  As you have noted, FreeBSD 5.0's NSS only does files, NIS,
and Hesiod.

One can mix and match ... users can be managed via NIS (using NSS),
while authentication is handled by LDAP (using PAM), for example.
i.e. PAM and NSS are two different, orthogonal systems, and any attempt
to make assumptions on one based on the other will only result in
confusion :-)

> You did give me solutions with nis.. nis/gateway... where can
> i find a "official" howto? The FreeBSD team do not talk about it.

, perhaps.

> The last question?
> Why FreeBSD do not support ldap authentication? (nss_ldap)
> files, nis, hesiod??? do we live in the past? One of great
> things in 5.0 release for me, should be this! :)

Wait for FreeBSD 5.1.

> Thanks again, and sorry by the english.

Your English is easily understood, don't be sorry.  But maybe don't
use so many multiple-punctuation marks, such as ??? !!!  It comes
across rudely and I don't think that is what you wished.

Cheers,
-- 
Jacques A. Vidrine                              http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
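
The PAM/NSS split described in the message above, as an added example that is not part of the original post: a small check that reports separately where account lookup (the nsswitch.conf `passwd` line) and authentication (the PAM `auth` stack) point. The function names, the sample file contents and the simplified parsing (one-word PAM controls, no include handling) are assumptions made for illustration.

```python
import os
import re

# Constructed sample files (not from the original message).
NSSWITCH = """\
# /etc/nsswitch.conf
passwd: files nis
group:  files nis
"""
PAM_SSHD = """\
# /etc/pam.d/sshd
auth     sufficient  /usr/local/lib/pam_ldap.so
auth     required    pam_unix.so  try_first_pass
account  required    pam_unix.so
"""

def nss_sources(nsswitch_text, database="passwd"):
    """Ordered sources the resolver (e.g. getpwnam) consults for a database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            rest = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return rest.split()  # criteria such as [notfound=return] dropped
    return []

def pam_modules(pam_text, facility="auth"):
    """Module names (path and .so suffix removed) stacked for one facility."""
    mods = []
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Assumes "facility control module [options]" with one-word controls.
        if len(fields) >= 3 and fields[0] == facility:
            mods.append(os.path.basename(fields[2]).split(".so")[0])
    return mods

def diagnose(nsswitch_text, pam_text, backend="ldap"):
    """Report separately whether lookup and authentication use the backend."""
    sources = nss_sources(nsswitch_text)
    lookup = backend in sources
    auth = ("pam_" + backend) in pam_modules(pam_text)
    verdict = {(True, True): "both", (True, False): "lookup-only",
               (False, True): "auth-only", (False, False): "neither"}[(lookup, auth)]
    return verdict, sources

if __name__ == "__main__":
    verdict, sources = diagnose(NSSWITCH, PAM_SSHD)
    print(f"ldap: {verdict}; accounts are resolved from: {', '.join(sources)}")
```

An "auth-only" result means the LDAP password check can only succeed for users whose accounts already resolve through one of the listed lookup sources.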