> > > > > ldap:*:389:389:o=My Organization, c=BR:uid:ldap.myorg.com
> > > >
> > > > Horrible idea.
> > >
> > > suggestions?
> >
> > Use PAM.
>
> PAM isn't going to cut it. This is outside of its realm. Things like ps,
> top, ls, chown, chmod, lpr, rcmd, who, w, (the list goes on) need to be able
> to pull 'passwd' entries from the LDAP server, and unless we PAM all of those
> (I think that is a very bad idea), then a person will be able to log in but
> will be dead in the water without a UID <-> Username mapping.

The Linux-PAM folks solved this with their 'libpwdb', which basically
provides a transport-neutral interface to the whole uid:userdata mapping.

Unfortunately, their implementation _reeks_, so nobody has touched it
yet. This is, however, how I think we should be going.

--
\\  The mind's the standard       \\  Mike Smith
\\  of the man.                   \\  msm...@freebsd.org
\\    -- Joseph Merrick           \\  msm...@cdrom.com