Date:      Tue, 14 Nov 2000 14:21:37 -0600
From:      "Jacques A. Vidrine" <n@nectar.com>
To:        Mike <mikey@kappaisle.com>
Cc:        freebsd-questions@freebsd.org, freebsd-isp@freebsd.org
Subject:   Re: pam_ldap status?
Message-ID:  <20001114142137.A7172@hamlet.nectar.com>
In-Reply-To: <Pine.BSF.4.21.0011141418540.92064-100000@greencreek.kappaisle.com>; from mikey@kappaisle.com on Tue, Nov 14, 2000 at 02:21:49PM -0500
References:  <Pine.BSF.4.21.0011141418540.92064-100000@greencreek.kappaisle.com>

On Tue, Nov 14, 2000 at 02:21:49PM -0500, Mike wrote:
> Hello all,
> 
> What's the update on the pam_ldap development? Is FreeBSD ready for LDAP
> authentication and overcome the NSS issue?

You seem to be mixing up two mechanisms:  PAM (Pluggable Authentication
Modules) and NSS/nsswitch (Name Service Switch).


The former (PAM) is a mechanism for authenticating a user interactively
using a user name and password.  For LDAP, you can use pam_ldap from
http://www.pdal.com/pam_ldap.html.  PAM is supported by several
platforms (at least Solaris, Linux, and FreeBSD) and the interfaces are
very similar.

The latter (nsswitch) is intended to `switch' between different sources
as used by gethostbyname, getpwent, getgrent, et cetera.  The version of
nsswitch that is available in FreeBSD-CURRENT (and NetBSD) supports
files (e.g. /etc/passwd, /etc/hosts), NIS, and Hesiod as sources.
nsswitch is supported by at least Solaris, Linux, and (Free|Net)BSD, but
the interfaces are necessarily different between the three.

I have further developed a version for FreeBSD that allows additional
sources to be added as dynamic modules, and have ported nss_ldap from
http://www.padl.com/nss_ldap.html for use with it.  You can find the
software at http://www.nectar.com/freebsd/nsswitch.  It is a work in
progress, although I believe it is completely functional [1].  I expect
it will be ready to commit to -CURRENT sometime next month.


I hope this information helps,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org


[1] The primary deficiency is that the NetBSD nsswitch API is not quite
    sufficient for all types of sources.  Luke Mewburn <lukem@netbsd.org>
    and I are hashing out an API that both platforms (FreeBSD and NetBSD)
    will be able to use -- shortly after we have that settled, I think this
    nsswitch implementation will be ready for -CURRENT.
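
Added example (not part of the original message, and not code from pam_ldap or nss_ldap): a small audit that reads both configurations and reports whether LDAP is used for authentication (PAM), for passwd/group lookups (nsswitch), or both. The sample files are constructed, and the per-service PAM file layout and the source name "ldap" are assumptions for illustration.

```python
import re

# Constructed sample files (assumptions, not from the original message).
NSSWITCH_CONF = """\
# /etc/nsswitch.conf (constructed sample)
passwd: files ldap
group:  files
hosts:  files dns
"""

PAM_SERVICE = """\
# per-service PAM file for sshd (constructed sample)
auth     sufficient  pam_ldap.so
auth     required    pam_unix.so
account  required    pam_unix.so
"""

def nss_sources(text):
    """Map each nsswitch database to its ordered list of sources."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Drop [STATUS=action] criteria; keep only the source names.
        table[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return table

def pam_modules(text, mod_type):
    """Return module file names configured for one PAM type (auth, account, ...)."""
    mods = []
    for line in text.splitlines():
        # Collapse a bracketed control field so it counts as one column.
        fields = re.sub(r"\[[^\]]*\]", "ctl", line.split("#", 1)[0]).split()
        if len(fields) >= 3 and fields[0].lstrip("-") == mod_type:
            mods.append(fields[2].rsplit("/", 1)[-1])
    return mods

def ldap_coverage(nss_text, pam_text):
    """Report which of the two mechanisms actually consults LDAP."""
    nss = nss_sources(nss_text)
    return {
        "auth_via_pam": "pam_ldap.so" in pam_modules(pam_text, "auth"),
        "passwd_via_nss": "ldap" in nss.get("passwd", []),
        "group_via_nss": "ldap" in nss.get("group", []),
    }

if __name__ == "__main__":
    print(ldap_coverage(NSSWITCH_CONF, PAM_SERVICE))
```

A result with auth_via_pam true and passwd_via_nss false means a password can be checked against LDAP while getpwent and friends still cannot resolve that account.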

