From owner-freebsd-hackers  Mon Jul 19 20:57: 9 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from voyager.fisicc-ufm.edu (ip-61-037.guate.net [200.12.61.37])
	by hub.freebsd.org (Postfix) with ESMTP id A652415086
	for <freebsd-hackers@FreeBSD.ORG>; Mon, 19 Jul 1999 20:56:46 -0700 (PDT)
	(envelope-from obonilla@voyager.fisicc-ufm.edu)
Received: (from obonilla@localhost)
	by voyager.fisicc-ufm.edu (8.9.3/8.9.3) id SAA00866;
	Mon, 19 Jul 1999 18:00:27 -0600 (CST)
	(envelope-from obonilla)
Date: Mon, 19 Jul 1999 18:00:26 -0600
From: Oscar Bonilla <obonilla@fisicc-ufm.edu>
To: Wes Peters <wes@softweyr.com>
Cc: Mike Smith <mike@smith.net.au>,
	"David E. Cross" <crossd@cs.rpi.edu>,
	Oscar Bonilla <obonilla@fisicc-ufm.edu>,
	Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD
Message-ID: <19990719180026.A830@fisicc-ufm.edu>
References: <199907192111.OAA01326@dingo.cdrom.com> <3793ABE0.15090E38@softweyr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.6i
In-Reply-To: <3793ABE0.15090E38@softweyr.com>; from Wes Peters on Mon, Jul 19, 1999 at 04:51:12PM -0600
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jul 19, 1999 at 04:51:12PM -0600, Wes Peters wrote:
> The implementation details are as unimportant as ever: they have to work
> and be maintainable.  Following prior art remains a good idea; the Solaris
> "name service switch" implementation is a good starting point to consider.
> 

I agree. In solaris (and linux by the way) all you do is set
passwd 	ldap files
in /etc/nsswitch.conf
and that's it.

I had started to write the code to mess with libc to "fix" the getpwent stuff,
but a better solution is to "port" the nsswitch stuff from linux (i don't have
source from solaris :)

Anyone more knowledgeable should give me a big hand here and point me to the
right way to start this. I'm willing to do the coding but need help on the
overall design.

Since I need this working asap, I'm gonna hack libc so that if the file
/etc/auth.conf has a line saying auth_list = ldap, it looks in /etc/ldap.conf
to get the rest of the stuff (server, port, base dn, etc).

At the same time, we should work towards a real solution.

regards,

-Oscar

-- 
For PGP Public Key: finger obonilla@fisicc-ufm.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message