From owner-freebsd-hackers Mon Jul 19 14:18:51 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from dingo.cdrom.com (dingo.cdrom.com [204.216.28.145])
	by hub.freebsd.org (Postfix) with ESMTP id CB53514EE7
	for ; Mon, 19 Jul 1999 14:18:49 -0700 (PDT)
	(envelope-from mike@dingo.cdrom.com)
Received: from dingo.cdrom.com (localhost.cdrom.com [127.0.0.1])
	by dingo.cdrom.com (8.9.3/8.8.8) with ESMTP id OAA01326;
	Mon, 19 Jul 1999 14:11:18 -0700 (PDT)
	(envelope-from mike@dingo.cdrom.com)
Message-Id: <199907192111.OAA01326@dingo.cdrom.com>
X-Mailer: exmh version 2.0.2 2/24/98
To: "David E. Cross"
Cc: Mike Smith, Oscar Bonilla, Dag-Erling Smorgrav, freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD
In-reply-to: Your message of "Mon, 19 Jul 1999 15:47:33 EDT." <199907191947.PAA12399@cs.rpi.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 19 Jul 1999 14:11:18 -0700
From: Mike Smith
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > > > > ldap:*:389:389:o=My Organization, c=BR:uid:ldap.myorg.com
> > > >
> > > > Horrible idea.
> > > >
> > >
> > > suggestions?
> >
> > Use PAM.
>
> PAM isn't going to cut it. This is outside of its realm. Things like ps,
> top, ls, chown, chmod, lpr, rcmd, who, w, (the list goes on) need to be able
> to pull 'passwd' entries from the LDAP server, and unless we PAM all of those
> (I think that is a very bad idea), then a person will be able to login but
> will be dead in the water without a UID <-> Username mapping.

The Linux-PAM folks solved this with their 'libpwdb', which basically
provides a transport-neutral interface to the whole uid:userdata mapping.
Unfortunately, their implementation _reeks_, so nobody has touched it yet.
This is, however, how I think we should be going.

-- 
\\ The mind's the standard  \\ Mike Smith
\\ of the man.               \\ msmith@freebsd.org
\\ -- Joseph Merrick         \\ msmith@cdrom.com
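As an added example, not code from this thread, from FreeBSD or from Linux-PAM's libpwdb, here is what the "transport-neutral interface to the uid:userdata mapping" that Mike describes boils down to in C. A tool such as ls or chown calls only a small lookup interface (by name, by uid); which source answers, a flat file, NIS or LDAP, is the backend's business, and a missing mapping degrades the tool (ls prints the bare number) rather than breaking it, which is the "dead in the water" problem above. The pw_backend struct, flat_backend, parse_passwd_line, format_owner and the sample users are all hypothetical names and data invented for this example; the backend scans a constructed in-memory passwd(5)-format string that deliberately includes one malformed line.

```c
/* Added example, not code from the thread, FreeBSD or Linux-PAM's libpwdb:
 * a minimal transport-neutral uid<->name mapping layer. Tools call only the
 * pw_backend interface; the one backend here scans a constructed in-memory
 * passwd-format string with hypothetical users. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

struct pw_entry { char name[32]; uid_t uid; gid_t gid; };

/* Every source implements this: return 0 and fill *out on a hit, -1 on a
 * miss. Callers never learn where the answer came from. */
struct pw_backend {
    int (*by_name)(const char *name, struct pw_entry *out);
    int (*by_uid)(uid_t uid, struct pw_entry *out);
};

/* Constructed sample data in passwd(5) format; the last line is malformed
 * on purpose. */
static const char *sample_passwd =
    "root:*:0:0:Charlie &:/root:/bin/csh\n"
    "alice:*:1001:1001:Alice Example:/home/alice:/bin/sh\n"
    "bob:*:1002:1002:Bob Example:/home/bob:/bin/sh\n"
    "broken:*:notanumber:0:bad uid:/:/bin/sh\n";

/* Parse name:pw:uid:gid:gecos:home:shell. 0 on success, -1 if malformed. */
static int parse_passwd_line(const char *line, size_t len, struct pw_entry *out)
{
    char buf[256], *f[7], *p = buf, *end;
    unsigned long u, g;

    if (len >= sizeof buf) return -1;
    memcpy(buf, line, len);
    buf[len] = '\0';
    for (int i = 0; i < 6; i++) {          /* first six fields end in ':' */
        char *colon = strchr(p, ':');
        if (colon == NULL) return -1;      /* too few fields */
        *colon = '\0';
        f[i] = p;
        p = colon + 1;
    }
    if (strchr(p, ':') != NULL) return -1; /* too many fields */
    f[6] = p;
    u = strtoul(f[2], &end, 10);
    if (*f[2] == '\0' || *end != '\0') return -1;   /* uid not numeric */
    g = strtoul(f[3], &end, 10);
    if (*f[3] == '\0' || *end != '\0') return -1;   /* gid not numeric */
    if (*f[0] == '\0' || strlen(f[0]) >= sizeof out->name) return -1;
    strcpy(out->name, f[0]);
    out->uid = (uid_t)u;
    out->gid = (gid_t)g;
    return 0;
}

/* Flat-file backend: linear scan, matching by name or, if name is NULL, by
 * uid. Malformed lines are skipped rather than half-trusted. */
static int flat_lookup(const char *name, uid_t uid, struct pw_entry *out)
{
    for (const char *p = sample_passwd; *p != '\0'; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        struct pw_entry e;
        if (parse_passwd_line(p, len, &e) == 0 &&
            (name ? strcmp(e.name, name) == 0 : e.uid == uid)) {
            *out = e;
            return 0;
        }
        if (nl == NULL) break;
        p = nl + 1;
    }
    return -1;
}
static int flat_by_name(const char *n, struct pw_entry *o) { return flat_lookup(n, 0, o); }
static int flat_by_uid(uid_t u, struct pw_entry *o) { return flat_lookup(NULL, u, o); }

const struct pw_backend flat_backend = { flat_by_name, flat_by_uid };

/* What ls -l does with an owner uid: print the name when the mapping
 * resolves, otherwise the bare number, so a missing mapping degrades
 * the output instead of breaking the tool. */
char *format_owner(const struct pw_backend *be, uid_t uid, char *buf, size_t n)
{
    struct pw_entry e;
    if (be->by_uid(uid, &e) == 0)
        snprintf(buf, n, "%s", e.name);
    else
        snprintf(buf, n, "%lu", (unsigned long)uid);
    return buf;
}

int main(void)
{
    char buf[32];
    printf("uid 1001 -> %s\n", format_owner(&flat_backend, 1001, buf, sizeof buf));
    printf("uid 4242 -> %s\n", format_owner(&flat_backend, 4242, buf, sizeof buf));
    return 0;
}
```

An LDAP or NIS backend would be a second `struct pw_backend` with the same two function pointers; nothing in `format_owner` changes. The parser rejects a line with a non-numeric uid outright rather than silently mapping it to 0, since a "broken" entry that resolved to root's uid would be worse than no entry at all.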