On Fri, Jan 05, 2007 at 08:56:24PM +0100, Maxim Bourmistrov wrote:
> On Friday 05 January 2007 20:05, Dave Ewart wrote:
> > On Friday, 05.01.2007 at 09:33 -0600, Ryan Corder wrote:
> >
> > > on Linux, I have done easily via nss_ldap, storing user and group
> > > accounts (the equivalent of /etc/passwd and /etc/groups) in LDAP while
> > > keeping all actual authentication in Kerberos. It's fairly easy and
> > > very, very, very convenient to have this centralized system to do AAA.
> >
> > I've been wondering about this too and haven't found any documentation.
> > I use nss_ldap and pam_ldap to provide users, groups and authentication
> > on my Debian boxes.
> >
> > Is there any way to do this under OpenBSD?
>
> check out login_ldap in ports.
See Ryan's original post for why this does not suffice (it only
authenticates, but does not store other information - like the existence
of a user).
To the best of my knowledge, no, there is not currently such a thing. It
would be easy enough to build a script to periodically sync
/etc/master.passwd and LDAP, but that's not quite the same...
Joachim
