From owner-freebsd-hackers Mon Jul 19 12:50: 6 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from cs.rpi.edu (mumble.cs.rpi.edu [128.213.8.16])
    by hub.freebsd.org (Postfix) with ESMTP id 69A3F15239
    for ; Mon, 19 Jul 1999 12:50:03 -0700 (PDT)
    (envelope-from crossd@cs.rpi.edu)
Received: from cs.rpi.edu (phoenix.cs.rpi.edu [128.113.96.153])
    by cs.rpi.edu (8.9.3/8.9.3) with ESMTP id PAA12399;
    Mon, 19 Jul 1999 15:47:37 -0400 (EDT)
Message-Id: <199907191947.PAA12399@cs.rpi.edu>
To: Mike Smith
Cc: Oscar Bonilla, Dag-Erling Smorgrav, freebsd-hackers@FreeBSD.ORG, crossd@cs.rpi.edu
Subject: Re: PAM & LDAP in FreeBSD
In-Reply-To: Message from Mike Smith of "Mon, 19 Jul 1999 12:33:53 PDT." <199907191933.MAA00760@dingo.cdrom.com>
Date: Mon, 19 Jul 1999 15:47:33 -0400
From: "David E. Cross"
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Mike Smith wrote:
> > On Mon, Jul 19, 1999 at 06:13:51PM +0200, Dag-Erling Smorgrav wrote:
> > > Oscar Bonilla writes:
> > > > the idea is to have an entry in the /etc/passwd enabling LDAP lookups.
> > > > the Entry would be of the form
> > > >
> > > > ldap:*:389:389:o=My Organization, c=BR:uid:ldap.myorg.com
> > >
> > > Horrible idea.
> > >
> > > > suggestions?
> > Use PAM.

PAM isn't going to cut it. This is outside of its realm. Things like ps,
top, ls, chown, chmod, lpr, rcmd, who, w, (the list goes on) need to be able
to pull 'passwd' entries from the LDAP server, and unless we PAM all of those
(I think that is a very bad idea), then a person will be able to login but
will be dead in the water without a UID <-> Username mapping.

--
David Cross                               | email: crossd@cs.rpi.edu
Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd
Rensselaer Polytechnic Institute,         | Ph: 518.276.2860
Department of Computer Science            | Fax: 518.276.4033
I speak only for myself.                  | WinNT:Linux::Linux:FreeBSD
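
The distinction drawn in the message above, as an added example that is not part of the original post: tools such as ls and ps resolve a numeric UID through getpwuid(3), a lookup that never passes through PAM. The helper name owner_label and the sample UID 4000000000 (assumed to be unassigned) are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: write the display form of uid into buf, the way a
 * listing tool labels a file owner or process owner.
 * Returns 1 if the account database supplied a name, 0 if the caller is
 * left with the bare number because no passwd source knows this UID.
 */
int owner_label(uid_t uid, char *buf, size_t len)
{
    /* getpwuid() consults only the system's passwd sources. An account
     * that exists solely behind an authentication module is invisible
     * here, even though a login for it may have succeeded. */
    struct passwd *pw = getpwuid(uid);

    if (pw != NULL) {
        snprintf(buf, len, "%s", pw->pw_name);
        return 1;
    }
    snprintf(buf, len, "%lu", (unsigned long)uid);
    return 0;
}

int main(void)
{
    /* Constructed samples: the current user, and a UID assumed unassigned. */
    uid_t samples[] = { getuid(), (uid_t)4000000000UL };
    char label[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int mapped = owner_label(samples[i], label, sizeof label);
        printf("uid %lu -> %s (%s)\n", (unsigned long)samples[i], label,
               mapped ? "name from passwd lookup" : "no mapping, numeric only");
    }
    return 0;
}
```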