On Thu, 2007-01-04 at 16:29 -0600, L. V. Lammert wrote:
> If you DID wish to use OpenLDAP for OBSD user authentication, it seems to
> be possible via Kerberos/heimdal:
>
>          http://www.pdc.kth.se/heimdal/heimdal.html
>
> See the section on 'Using LDAP to store the database'.

this is quite different than using LDAP to store your user
information...this is when you want to use LDAP to actually store the
database Kerberos uses for its passwords.

on Linux, I have done this easily via nss_ldap, storing user and group
accounts (the equivalent of /etc/passwd and /etc/groups) in LDAP while
keeping all actual authentication in Kerberos.  It's fairly easy and
very, very, very convenient to have this centralized system to do AAA.

on the OpenBSD boxes here, I can only use the Kerberos side of things so
far.  Since I can't specify that OpenBSD should look in LDAP for its
user and group accounts, I have to maintain them manually, but the
authentication piece is still centralized.

oh, and login_ldap doesn't help as it only allows you to store passwords
in LDAP, which I would never recommend -- the same as the above
mentioned Kerberos in LDAP, in a not so round-about way, but without the
benefits of a ticket system.

later.
ryanc

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219-4444 ext. 646
