On Thu, 17 Jan 2002, Filippo Carletti wrote:

> I think it would be a nice package to have on e-smith.
> I played with it in the last 30 minutes. I need some assistance on the ldap
> front, but I have it nearly working.
> I don't understand the auth part.
> 
> # bind to directory server as once the user is authenticated to the auth
> # server.  this should not be a "god" user
> BIND_AS         :       cn=Filippo,o=F.B.F.
> # bind password
> BIND_PASSWORD   :
> 
> e-smith has an ldap db for username storage, but not for auth.

I don't think this actually means that ldap would be used for auth. It
just means that there would be an authenticated connection to ldap, rather
than anonymous. That said, we don't have support for any authenticated
connections, except for the "god" user.

> ldapsearch cn=* returns:
> 
> uid=filippo,dc=fbf,dc=dnsalias,dc=com
> objectclass=person
> uid=filippo
> cn=Filippo Carletti
> givenname=Filippo
> sn=Carletti
> [EMAIL PROTECTED]
> telephonenumber=+39 xxxxx
> o=F.B.F.
> l=Fano
> street=Via xxx sn
> 
> Do we need a separate db for auth? It would be better to auth against
> /etc/passwd.

Not necessarily. As long as an alternative is equally secure, and as 
reliable as it needs to be, then an alternative auth db is OK. Currently 
samba has its own authentication db, used for Microsoft ("please trust our 
software") hashed authentication.

--
Charlie Brady                         [EMAIL PROTECTED]
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739



--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
