Re: Question about system accounts in LDAP.

2003-08-14 Thread Donovan Baarda
On Tue, 2003-08-12 at 01:50, Fred Clausen wrote: > Hi All, > > I am in the process of deploying openldap for authentication. I am just > not sure what the best policy is for including system accounts like root, > daemon, lp, etc. in LDAP. Should they be there for consistency across > systems? Or wi

Re: Question about system accounts in LDAP.

2003-08-14 Thread Васил Колев
On ?, 2003-08-12 at 16:43, Stephane Bortzmeyer wrote: > I do not really see why you want that (I suspect you should use groups > instead) but that's what PAM is for. Just put different things in > /etc/pam.d/ssh and /etc/pam.d/imap. I have a question about the pam thing ... I had to make sshd to a

Re: Question about system accounts in LDAP.

2003-08-14 Thread Korey Renner
I am not an expert. In fact, all my attempts at LDAP have been frustrated by authentication issues, but here is my take. The goal for LDAP authentication is to have consistent user accounts across a network of machines. System accounts do not need to roam like user accounts in this scenario. O

Question about system accounts in LDAP.

2003-08-14 Thread Fred Clausen
Hi All, I am in the process of deploying openldap for authentication. I am just not sure what the best policy is for including system accounts like root, daemon, lp, etc. in LDAP. Should they be there for consistency across systems? Or will they just cause confusion by having the same system accoun

Re: Question about system accounts in LDAP.

2003-08-14 Thread Donovan Baarda
On Wed, 2003-08-13 at 02:38, Korey Renner wrote: > I am not an expert. In fact, all my attempts at LDAP have been > frustrated by authentication issues, but here is my take. http://wiki.debian.net/index.cgi?LDAPAuthentication Most questions answered... the ones that aren't you can answer yourse

Re: Question about system accounts in LDAP.

2003-08-14 Thread Stephane Bortzmeyer
On Tue, Aug 12, 2003 at 11:15:17AM +0200, Leonardo Boselli <[EMAIL PROTECTED]> wrote a message of 23 lines which said: > I am thinking about ist: is possible to use the ldap authentication > for ALL BUT imap and ftp (that should use the passwd file I do not really see why you want that (

Re: Question about system accounts in LDAP.

2003-08-14 Thread Leonardo Boselli
I would use a different password for crypted and uncrypted channels! On 12 Aug 2003, at 15:43, Stephane Bortzmeyer wrote: > On Tue, Aug 12, 2003 at 11:15:17AM +0200, > Leonardo Boselli <[EMAIL PROTECTED]> wrote > a message of 23 lines which said: > > > I am thinking about ist: is possible to

Re: Question about system accounts in LDAP.

2003-08-14 Thread Jon Wood
On Tue, 2003-08-12 at 00:58, Donovan Baarda wrote: > On Tue, 2003-08-12 at 01:50, Fred Clausen wrote: [...snip...] > > > > What would you guys suggest is the best practice? > > In general it's inadvisable to have system users in LDAP; when LDAP > breaks you can't even log in at the console as root

Re: Question about system accounts in LDAP.

2003-08-14 Thread Stephane Bortzmeyer
On Tue, Aug 12, 2003 at 05:13:29PM +0300, ? ? <[EMAIL PROTECTED]> wrote a message of 35 lines which said: > that, to have the session and etc. things, i need to use the NSS system > (/etc/nsswitch.conf) with the nss-pgsql module, not the PAM stuff Of course, because some functions do n

Re: Question about system accounts in LDAP.

2003-08-12 Thread Leonardo Boselli
On 12 Aug 2003, at 9:58, Donovan Baarda wrote: > In general it's inadvisable to have system users in LDAP; when LDAP > breaks you can't even log in at the console as root. > The default LDAP migration script in the debian migrationtools does > not migrate all users below UID 1000 and groups below GI