Re: Active Directory authentication

2006-08-16 Thread Steve Shockley
Prabhu Gurumurthy wrote: How about using login_radius feature by modifying login.conf to add a new radius profile and authenticate against a RADIUS server. You can compile freeradius and have rad_ldap plugin on the RADIUS server to authenticate against AD. Will that still require creating

Re: Active Directory authentication

2006-08-16 Thread Prabhu Gurumurthy
Steve Shockley wrote: Prabhu Gurumurthy wrote: How about using login_radius feature by modifying login.conf to add a new radius profile and authenticate against a RADIUS server. You can compile freeradius and have rad_ldap plugin on the RADIUS server to authenticate against AD. Will that

Re: Active Directory authentication

2006-08-16 Thread Lars Hansson
On Thursday 17 August 2006 00:39, Steve Shockley wrote: Okay, in that case login_radius offers no benefit to me over login_ldap (other than it's in base). Aside from the nsswitch patch posted on tech@, is there any auth method that does *not* require adding entries to /etc/passwd? Yes, NIS.

Re: Active Directory authentication

2006-08-15 Thread Peter Blair
That's not an easy scenario. Perhaps the simplest solution would work for you. You could implement a generic account on the firewall called say wifi-user. SSH into the firewall (not using Kerberos or anything) and log in using the shared password for wifi-user. The login shell could point to

Re: Active Directory authentication

2006-08-15 Thread Prabhu Gurumurthy
Steve Shockley wrote: I'm researching setting up a wireless gateway using OpenBSD and authpf. We've got an existing Active Directory (2003) domain with about 5000 user accounts that I'd like to authenticate against. LDAP seemed like the obvious choice, but it appears I need to create local

Re: Active Directory authentication

2006-08-15 Thread Eduardo Alvarenga
2006/8/15, Steve Shockley [EMAIL PROTECTED]: I'm researching setting up a wireless gateway using OpenBSD and authpf. We've got an existing Active Directory (2003) domain with about 5000 user accounts that I'd like to authenticate against. LDAP seemed like the obvious choice, but it appears I

Re: Active Directory authentication

2006-08-15 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] That's not an easy scenario. Perhaps the simplest solution would work for you. [snip login shell] [snip read file from UNC] [snip cartwheels and demonic contortions] 'A' for creativity, F for solution != simplest. If the users are logging into Windows workstations,

Re: Active Directory authentication

2006-08-15 Thread Ryan Corder
On Tue, 2006-08-15 at 12:24 -0400, Steve Shockley wrote: Kerberos also sounded like a good idea, but if I understand correctly, the clients would need a Kerberized ssh client, and they'd have to be able to access the KDC before logging in to the gateway. having a kerberized SSH client isn't a