Date: Thu, 11 Apr 2002 15:58:52 -0700
From: "Lance Uyehara" <lance@verniernetworks.com>
To: "Benjamin Krueger" <benjamin@macguire.net>, "Roger Marquis" <marquis@roble.com>
Cc: <security@FreeBSD.ORG>
Subject: Re: Centralized authentication
Message-ID: <033b01c1e1ac$73111b50$880aa8c0@lancetest.com>
References: <20020411081813.H55087-100000@roble.com> <20020411153018.A9962@rain.macguire.net>

> * Roger Marquis (marquis@roble.com) [020411 08:26]:
> > faSty <fasty@i-sphere.com> wrote:
> > >I dont see any NIS or NIS+ on handbook. I tried setup the NIS+
> > >and I am not experience with these feature. anyone can point
> > >where the HOWTO NIS or NIS+?
> >
> > Try a web search (via Google or any other search engine). I found
> > several good links from a query using "nis" and "howto". There's
> > also 'man -k yp' or, more specifically `man -k yp|grep ^yp'.
> >
> > `man ypinit` might be a good place to start.
> >
> > --
> > Roger Marquis
> > Roble Systems Consulting
> > http://www.roble.com/
>
> Folks following this discussion might also be interested in the following
> article which describes a mechanism for authenticating unix clients in an
> Active Directory environment.
>
> http://online.securityfocus.com/infocus/1563

If you are going to use LDAP + AD for authentication, AD does not send back
the user password in any form. So you can not use anonymous, or rootdn/rootpw
for your bind. You must use the cn or samAccountName + the user password.

Normal LDAP (port 389) will send the password in the clear, so to
effectively use this you must use LDAPS (port 636).

-Lance
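
What "in the clear" on port 389 looks like, as an added example that is not part of the original message: an LDAPv3 simple bind (RFC 4511) carries the password as a raw octet string, so a captured BindRequest can be checked for it. The DN and password are constructed sample values, and the function names are this example's own.

```python
# Added example: BER reader for an LDAPv3 BindRequest (RFC 4511, section 4.2).
def _tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def _enc(tag, value):
    """Encode one TLV, choosing short or long length form."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def build_simple_bind(msg_id, dn, password):
    """Build the PDU a client sends for a simple bind (constructed test input)."""
    op = _enc(0x02, b"\x03") + _enc(0x04, dn.encode()) + _enc(0x80, password.encode())
    return _enc(0x30, _enc(0x02, bytes([msg_id])) + _enc(0x60, op))

def inspect_bind(pdu):
    """Classify a captured BindRequest without returning the credential itself."""
    tag, msg, _ = _tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = _tlv(msg, 0)                # messageID
    tag, op, _ = _tlv(msg, pos)
    if tag != 0x60:                         # [APPLICATION 0] = BindRequest
        return None
    _, _, pos = _tlv(op, 0)                 # version
    _, name, pos = _tlv(op, pos)            # bind DN (may be empty)
    auth_tag, cred, _ = _tlv(op, pos)       # 0x80 = simple, 0xA3 = SASL
    simple = auth_tag == 0x80
    return {"dn": name.decode(errors="replace"),
            "method": "simple" if simple else "sasl" if auth_tag == 0xA3 else "unknown",
            "password_bytes": len(cred) if simple else 0,
            "password_on_wire": simple and len(cred) > 0}

# Constructed sample values, not taken from the message above.
SAMPLE = build_simple_bind(1, "CN=Test User,CN=Users,DC=example,DC=test", "constructed-pw")
```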