Date: Mon, 4 Dec 2000 18:05:48 -0800 (PST)
From: Michael Haney
To: freebsd-security@FreeBSD.ORG
Subject: LDAP module for PAM authentication.
In-Reply-To: <200012050138.SAA03007@faith.cs.utah.edu>

I'd like to know if anyone has implemented the pam_ldap module and turned authentication over to this directory service. I'm installing OpenLDAP on a FreeBSD 4.2 machine, and the PAM clients will be FreeBSD 3.2-4.1.1 boxes, and some NT boxes. I'd like to know how well this works as a replacement for NIS and how it might be secured, either using SSL or Kerberos tickets or some other encryption wrapper, like over an ssh tunnel.

Has anyone implemented other solutions to combine NT, Exchange and Unix logins across a network? I'm looking for an easy-to-manage central user database that will allow a user to log in to various boxes on our net, regardless of their OS, and use the same password and/or certificate to authenticate.

LDAP seems to be the way to go, and I'd sure appreciate any suggestions about whether or not this works or what else might.

thanks,
-michael