From owner-freebsd-hackers Mon Jul 19 12:58: 2 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from lestat.nas.nasa.gov (lestat.nas.nasa.gov [129.99.50.29])
	by hub.freebsd.org (Postfix) with ESMTP id 6962C15268
	for ; Mon, 19 Jul 1999 12:57:59 -0700 (PDT)
	(envelope-from thorpej@lestat.nas.nasa.gov)
Received: from lestat (localhost [127.0.0.1])
	by lestat.nas.nasa.gov (8.8.8/8.6.12) with ESMTP id MAA13340;
	Mon, 19 Jul 1999 12:57:31 -0700 (PDT)
Message-Id: <199907191957.MAA13340@lestat.nas.nasa.gov>
To: "David E. Cross"
Cc: Mike Smith , Oscar Bonilla , Dag-Erling Smorgrav , freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD
Reply-To: Jason Thorpe
From: Jason Thorpe
Date: Mon, 19 Jul 1999 12:57:30 -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 19 Jul 1999 15:47:33 -0400 "David E. Cross" wrote:

> PAM isn't going to cut it. This is outside of its realm. Things like ps,
> top, ls, chown, chmod, lpr, rcmd, who, w, (the list goes on) need to be able
> to pull 'passwd' entries from the LDAP server, and unless we PAM all of those
> (I think that is a very bad idea), then a person will be able to login but
> will be dead in the water without a UID <-> Username mapping.

What you want is nsswitch, a la Solaris.

nsswitch tells you what the user's name is, PAM tells you how that user
is to authenticate himself.

The two things are orthogonal, and nsswitch and PAM together can work
quite well. Solaris, for example, has both.

-- Jason R. Thorpe