Date: Mon, 19 Jul 1999 14:11:18 -0700
From: Mike Smith <mike@smith.net.au>
To: "David E. Cross" <crossd@cs.rpi.edu>
Cc: Mike Smith <mike@smith.net.au>, Oscar Bonilla <obonilla@fisicc-ufm.edu>, Dag-Erling Smorgrav <des@flood.ping.uio.no>, freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD
Message-ID: <199907192111.OAA01326@dingo.cdrom.com>
In-Reply-To: Your message of "Mon, 19 Jul 1999 15:47:33 EDT." <199907191947.PAA12399@cs.rpi.edu>

> > > > > ldap:*:389:389:o=My Organization, c=BR:uid:ldap.myorg.com
> > > >
> > > > Horrible idea.
> > > >
> > >
> > > suggestions?
> >
> > Use PAM.
>
> PAM isn't going to cut it. This is outside of its realm. Things like ps,
> top, ls, chown, chmod, lpr, rcmd, who, w, (the list goes on) need to be able
> to pull 'passwd' entries from the LDAP server, and unless we PAM all of those
> (I think that is a very bad idea), then a person will be able to login but
> will be dead in the water without a UID <->Username mapping.

The Linux-PAM folks solved this with their 'libpwdb', which basically
provides a transport-neutral interface to the whole uid:userdata
mapping.

Unfortunately, their implementation _reeks_, so nobody has touched it
yet. This is, however, how I think we should be going.

--
\\  The mind's the standard       \\  Mike Smith
\\  of the man.                   \\  msmith@freebsd.org
\\    -- Joseph Merrick           \\  msmith@cdrom.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
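
The point argued in the thread, as an added example that is not part of the original message and is not FreeBSD or Linux-PAM code: authentication alone does not give tools such as ls a uid-to-name mapping, so the lookup sits behind a backend-neutral interface. The uid_lookup_fn type, both backends and all sample entries are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical transport-neutral interface: a backend maps a uid to a name. */
typedef int (*uid_lookup_fn)(unsigned uid, char *name, size_t len);

/* Constructed passwd(5)-format lines standing in for the local flat file. */
static const char *files_db[] = {
    "root:*:0:0:Charlie Root:/root:/bin/csh",
    "daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin",
};

static int files_lookup(unsigned uid, char *name, size_t len) {
    for (size_t i = 0; i < sizeof files_db / sizeof files_db[0]; i++) {
        char n[32]; unsigned u;
        /* Fields: name : password (skipped) : uid */
        if (sscanf(files_db[i], "%31[^:]:%*[^:]:%u", n, &u) == 2 && u == uid) {
            snprintf(name, len, "%s", n);
            return 1;
        }
    }
    return 0;
}

/* Constructed table standing in for entries a directory server would return. */
static const struct { unsigned uid; const char *name; } dir_db[] = {
    { 1001, "alice" }, { 1002, "bob" },
};

static int directory_lookup(unsigned uid, char *name, size_t len) {
    for (size_t i = 0; i < sizeof dir_db / sizeof dir_db[0]; i++)
        if (dir_db[i].uid == uid) { snprintf(name, len, "%s", dir_db[i].name); return 1; }
    return 0;
}

/* Try each backend in order; fall back to the bare number, as ls -l does. */
int resolve_uid(const uid_lookup_fn *backends, size_t n, unsigned uid,
                char *out, size_t len) {
    for (size_t i = 0; i < n; i++)
        if (backends[i](uid, out, len)) return 1;
    snprintf(out, len, "%u", uid);
    return 0;
}

const uid_lookup_fn FILES_ONLY[] = { files_lookup };
const uid_lookup_fn FILES_THEN_DIR[] = { files_lookup, directory_lookup };

int main(void) {
    char who[32];
    resolve_uid(FILES_ONLY, 1, 1001, who, sizeof who);
    printf("files only:        uid 1001 -> %s\n", who);
    resolve_uid(FILES_THEN_DIR, 2, 1001, who, sizeof who);
    printf("files + directory: uid 1001 -> %s\n", who);
    return 0;
}
```

With only the flat-file backend, a directory user's files show a bare number as owner even though that user could log in; adding the second backend restores the name without changing any caller.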