From: Wael Nasreddine
Date: Tue, 18 Mar 2008 05:21:52 +0100
Cc: freebsd-questions@freebsd.org
Message-ID: <20080318041216.GA18220@phoenix.nasreddine.info>
Subject: LDAP authenticating for Jails.

Hello,

I just finished setting up my server, I installed FreeBSD 7-RELEASE host + 7 jails, 2 of them are USERS and MAIL, the USERS is a jail where users should login via SSH..

For my Mail system, I have both the virtual mail with authenticating from MySQL, and home-mail with PAM authentication, all done via courier-imap and authlib... the reason I have such setup is because I use fetchmail/procmail (for multiple user) to download all my email accounts and store them in my home folder, delivery would be via IMAP only...

Anyway, the users used to change their email password (the home-mail password) using usual passwd mechanism, but since the MAIL is received/sent on another Jail, I have to come up with a way to authenticate from a shared database (or if it's possible to synchronise password changes between jails which I doubt), So I thought of creating a new jail with only an LDAP server running, with all users accounts, this way SSH can login to USERS jail and IMAP to MAIL jail using the same password, but I have never done this before so I might need some help...

First things first, If I deployed this mechanism, will the user be able to change the password with a simple passwd command? Or should he go through LDAP (phpMyLDAP ??)

Could you please point me in the direction of having such mechanism? I found this tutorial[1] but I'm not sure if it's outdated or not...

[1]: http://chaos.untouchable.net/index.php/HOWTO_setup_freebsd_6_ldap_authentication

Regards,

--
Wael Nasreddine
http://wael.nasreddine.com
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2

.: An infinite number of monkeys typing into GNU emacs, would never make a good program. (L. Torvalds 1995) :.