I'm researching setting up a wireless gateway using OpenBSD and authpf. We've got an existing Active Directory (2003) domain with about 5000 user accounts that I'd like to authenticate against.

LDAP seemed like the obvious choice, but it appears I need to create local accounts to use login_ldap, and it'd be unwieldy to sync 5000 users. There's also a patch for nsswitch, but I'd rather not use a custom build if I don't have to.

Kerberos also sounded like a good idea, but if I understand correctly, the clients would need a Kerberized ssh client, and they'd have to be able to access the KDC before logging in to the gateway.

Is there a better way to do this?
