Date:      Mon, 19 Jul 1999 15:47:33 -0400
From:      "David E. Cross" <crossd@cs.rpi.edu>
To:        Mike Smith <mike@smith.net.au>
Cc:        Oscar Bonilla <obonilla@fisicc-ufm.edu>, Dag-Erling Smorgrav <des@flood.ping.uio.no>, freebsd-hackers@FreeBSD.ORG, crossd@cs.rpi.edu
Subject:   Re: PAM & LDAP in FreeBSD 
Message-ID:  <199907191947.PAA12399@cs.rpi.edu>
In-Reply-To: Message from Mike Smith <mike@smith.net.au>  of "Mon, 19 Jul 1999 12:33:53 PDT." <199907191933.MAA00760@dingo.cdrom.com> 

> Mike Smith wrote:
> > On Mon, Jul 19, 1999 at 06:13:51PM +0200, Dag-Erling Smorgrav wrote:
> > > Oscar Bonilla <obonilla@fisicc-ufm.edu> writes:
> > > > the idea is to have an entry in the /etc/passwd enabling LDAP lookups.
> > > > the Entry would be of the form
> > > > 
> > > > ldap:*:389:389:o=My Organization, c=BR:uid:ldap.myorg.com
> > > 
> > > Horrible idea.
> > > 
> > 
> > suggestions?
> 
> Use PAM.

PAM isn't going to cut it.  This is outside of its realm.  Things like ps,
top, ls, chown, chmod, lpr, rcmd, who, w, (the list goes on) need to be able
to pull 'passwd' entries from the LDAP server, and unless we PAM all of those
(I think that is a very bad idea), then a person will be able to log in but
will be dead in the water without a UID <-> Username mapping.

--
David Cross                               | email: crossd@cs.rpi.edu 
Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd 
Rensselaer Polytechnic Institute,         | Ph: 518.276.2860            
Department of Computer Science            | Fax: 518.276.4033
I speak only for myself.                  | WinNT:Linux::Linux:FreeBSD
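
The UID-to-name lookup described in the message above, as an added example that is not part of the original e-mail: a sketch of what a tool such as ls or ps does for each UID it prints, using getpwuid(3) and never calling PAM. The lookup hook, the `local_files_only` table and UID 5001 are constructed for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* Lookup hook with the same shape as getpwuid(3), so the example can run
 * against the real name service or against a constructed table. */
typedef struct passwd *(*pw_lookup_fn)(uid_t);

/* Ask the passwd database for a name; fall back to the number if there is
 * no entry. No PAM call is involved anywhere on this path.
 * Returns 1 if a name was found, 0 if only the numeric UID is available. */
int owner_label(uid_t uid, pw_lookup_fn lookup, char *out, size_t outlen)
{
    struct passwd *pw = lookup(uid);
    if (pw != NULL && pw->pw_name != NULL) {
        snprintf(out, outlen, "%s", pw->pw_name);
        return 1;
    }
    snprintf(out, outlen, "%lu", (unsigned long)uid);
    return 0;
}

/* Constructed stand-in for a host whose local passwd file only has root,
 * while UID 5001 (hypothetical) exists only in the LDAP directory. */
struct passwd *local_files_only(uid_t uid)
{
    static char name[] = "root";
    static struct passwd root;
    if (uid != 0)
        return NULL;
    root.pw_name = name;
    root.pw_uid = 0;
    return &root;
}

int main(void)
{
    char label[64];
    uid_t uids[] = { 0, 5001 };
    for (size_t i = 0; i < sizeof uids / sizeof uids[0]; i++) {
        int named = owner_label(uids[i], local_files_only, label, sizeof label);
        printf("uid %lu -> %s (%s)\n", (unsigned long)uids[i], label,
               named ? "resolved" : "no passwd entry");
    }
    /* Same call against the system's real passwd database. */
    owner_label(0, getpwuid, label, sizeof label);
    printf("system lookup for uid 0 -> %s\n", label);
    return 0;
}
```

A user who authenticated through a PAM LDAP module but has no entry reachable through getpwuid shows up as the bare number 5001 in this output.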

