This is slightly off-topic, but quite related. Writing LDAP getty/login is fairly trivial, and I am planning to authenticate real users on my machines with an LDAP checkpassword, and a checkpassword login. This would be better than pam-ldap because it is not PAM, and so it is simple, small and flexible :).
What is not trivial however is the routines in libc which also need to use LDAP instead of /etc/passwd. Linux and Solaris can use nss-ldap. Also, a big, complex monster which I would not be be happy running. Besides, nss-ldap on FreeBSD must use (gasp!) BIND library, and requires libc recompile. I cannot force myself to use BIND after using djbdns. nss-ldap cannot be used natively with *BSD due to lacking/incompatible NSS implementations. Is there anything already available to solve this problem? Have you approached this problem? Has anyone approached this problem? Is there anything in the works? What do you think of pam-ldap and nss-ldap? Thanks for the input.
