From: Chris Fedde
To: "Jon Larssen"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Long user names
Date: Mon, 21 Jan 2002 22:52:13 -0700
Message-Id: <200201220552.g0M5qD824680@fedde.littleton.co.us>

On Tue, 22 Jan 2002 03:49:44 +0000 "Jon Larssen" wrote:
+------------------
| Hello,
|
| I've been charged with the implementation here at my company of a
| company-wide single-sign-in (or login), much like MS Passport is. The
| problem is that the designers decided to use the "global" usernames of the
| form @. For instance, my network username would be:
|
| jon@noc.example.com
|
| PS. How is this related to FreeBSD? Because in a couple of FreeBSD servers
| we'll have the company-wide user directory (replicated LDAP), email services
+------------------

A little bit of digging shows that pam_ldap is available for FreeBSD and
that the configuration file supports some significant means of customizing
both the search base and the uid= filter. It is tied to the standard
posixAccount ldap schema.

Also, keep in mind that most users will not need or want login accounts to
the directory or email servers. In fact, in most cases it would be a bad idea
to permit your average user to have shell login to these nodes. In those
cases special privileges are required.
--
Chris Fedde
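
The customization mentioned in the reply above, as an added example that is not part of the original message: a pam_ldap configuration fragment that sets the search base, the filter and the attribute matched against the login name, and limits login on a server to one group. The host name, DNs and group name are constructed, and storing the global name in the `mail` attribute is an assumption.

```conf
# pam_ldap configuration fragment (ldap.conf).
# All host names and DNs below are constructed example values.
host ldap.example.com
ldap_version 3

# Search base: only entries under this subtree are considered at login.
base ou=People,dc=example,dc=com
scope sub

# Extra filter combined with the login match; restricts the search
# to entries that carry the posixAccount object class.
pam_filter objectClass=posixAccount

# Attribute compared against the name typed at login (the default is uid).
# Assumption: the global name (jon@noc.example.com) is stored in "mail".
pam_login_attribute mail

# On the directory and mail servers, accept only members of one group,
# so ordinary directory users do not get a shell on these nodes.
pam_groupdn cn=shell-admins,ou=Groups,dc=example,dc=com
pam_member_attribute uniquemember
```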