From: Shawn Debnath
To: freebsd-current@freebsd.org
Reply-To: sdebnath@cs.purdue.edu
Date: Mon, 19 May 2003 14:45:13 -0500
Message-ID: <1053373513.3ec9344922f84@webmail.purdue.edu>
Subject: Fwd: Re: Acceptable LDAP solutions
List-Id: Discussions about the use of FreeBSD-current

Hi,

Thanks for replying. Yes, we have a centralized Linux LDAP server and all account information and passwords are stored in it. Why are you using Kerberos instead of LDAP for passwords? Any specific gains from doing this?

Shawn

Quoting Gordon Tetlow:

> On Mon, May 19, 2003 at 12:38:49PM -0500, Shawn Debnath wrote:
> > Sorry about that, we are trying to set up a massive network of boxes, and
> > FreeBSD will be a go for those if I can get LDAP to work properly for
> > authentication. I have heard that FreeBSD 5.1 has better support for it,
> > but would like to know if anyone has tackled it yet.
>
> I'm probably the best person to answer this. My current setup and reason
> to push for an NSS implementation for FreeBSD was to integrate my boxen
> into my company's Active Directory infrastructure.
>
> The short answer is that FreeBSD is in a productionable enough state to
> get account details out of LDAP if you can live with a couple of hiccups.
> Most notably, statically linked binaries (like /bin/ls) won't know
> anything about accounts from LDAP.
>
> Are you planning on storing your passwords in LDAP? Personally, I'm
> using a Kerberos realm for the authentication piece and LDAP for account
> details.
>
> -gordon

----- End forwarded message -----