> > > > > ldap:*:389:389:o=My Organization, c=BR:uid:ldap.myorg.com
> > > > 
> > > > Horrible idea.
> > > > 
> > > 
> > > suggestions?
> > 
> > Use PAM.
> 
> PAM isn't going to cut it.  This is outside of its realm.  Things like ps,
> top, ls, chown, chmod, lpr, rcmd, who, w, (the list goes on) need to be able
> to pull 'passwd' entries from the LDAP server, and unless we PAM all of those
> (I think that is a very bad idea), then a person will be able to log in but
> will be dead in the water without a UID <-> Username mapping.

The Linux-PAM folks solved this with their 'libpwdb', which basically 
provides a transport-neutral interface to the whole uid:userdata 
mapping.  Unfortunately, their implementation _reeks_, so nobody has 
touched it yet.

This is, however, how I think we should be going. 
-- 
\\  The mind's the standard       \\  Mike Smith
\\  of the man.                   \\  [EMAIL PROTECTED]
\\    -- Joseph Merrick           \\  [EMAIL PROTECTED]




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
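
The UID-to-username lookup that tools such as ls and ps depend on, described in the thread above, goes through the C library's passwd interface rather than PAM. The following C sketch is an added example, not code from the thread or from libpwdb; owner_name is a hypothetical helper and UID 1999999999 is assumed to have no passwd entry.

```c
/* Added illustration: how a tool such as ls or ps turns a numeric UID into
 * a user name. The lookup uses the C library's passwd interface
 * (getpwuid_r); PAM is not involved at any point. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* owner_name is a hypothetical helper, not from the thread.
 * Returns 1 and copies the login name when the passwd database has an
 * entry for uid; returns 0 and writes the decimal UID otherwise. */
int owner_name(uid_t uid, char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    char scratch[16384];

    if (outlen == 0)
        return 0;
    if (getpwuid_r(uid, &pw, scratch, sizeof scratch, &res) == 0 && res != NULL) {
        snprintf(out, outlen, "%s", res->pw_name);
        return 1;
    }
    /* No mapping (or lookup error): the tool can only show the number. */
    snprintf(out, outlen, "%lu", (unsigned long)uid);
    return 0;
}

int main(void)
{
    /* Constructed sample input: 0 is normally root; 1999999999 is assumed
     * to have no passwd entry on the machine running this. */
    uid_t samples[] = { 0, (uid_t)1999999999UL };
    char name[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int mapped = owner_name(samples[i], name, sizeof name);
        printf("uid %lu -> %s (%s)\n", (unsigned long)samples[i], name,
               mapped ? "resolved via passwd lookup"
                      : "no mapping, numeric fallback");
    }
    return 0;
}
```

A user authenticated by a PAM module alone, with no passwd source behind getpwuid_r, lands in the numeric-fallback branch in every such tool.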
