Date: Tue, 14 Nov 2000 15:54:55 -0500 (EST) From: Mike <mikey@kappaisle.com> To: "Jacques A. Vidrine" <n@nectar.com> Cc: freebsd-questions@freebsd.org, freebsd-isp@freebsd.org Subject: Re: pam_ldap status? Message-ID: <Pine.BSF.4.21.0011141542560.92286-100000@greencreek.kappaisle.com> In-Reply-To: <20001114142137.A7172@hamlet.nectar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks alot Jacques, it really gives me a much more clear view on the differences. I'm looking forward to integrating LDAP authentication for our shell/pop/imap/ftp/web/ssh users. Mike On Tue, 14 Nov 2000, Jacques A. Vidrine wrote: > On Tue, Nov 14, 2000 at 02:21:49PM -0500, Mike wrote: > > Hello all, > > > > What's the update on the pam_ldap development? Is FreeBSD ready for LDAP > > authentication and overcome the NSS issue? > > You seem to be mixing up two mechanisms: PAM (Pluggable Authentication > Modules) and NSS/nsswitch (Name Service Switch). > > > The former (PAM) is a mechanism for authenticating a user interactively > using a user name and password. For LDAP, you can use pam_ldap from > http://www.pdal.com/pam_ldap.html. PAM is supported by several > platforms (at least Solaris, Linux, and FreeBSD) and the interfaces are > very similar. > > The latter (nsswitch) is intended to `switch' between different sources > as used by gethostbyname, getpwent, getgrent, et cetera. The version of > nsswitch that is available in FreeBSD-CURRENT (and NetBSD) supports > files (e.g. /etc/passwd, /etc/hosts), NIS, and Hesiod as sources. > nsswitch is supported by at least Solaris, Linux, and (Free|Net)BSD, but > the interfaces are necessarily different between the three. > > I have further developed a version for FreeBSD that allows additional > sources to be added as dynamic modules, and have ported nss_ldap from > http://www.padl.com/nss_ldap.html for use with it. You can find the > software at http://www.nectar.com/freebsd/nsswitch. It is a work in > progress, although I believe it is completely functional [1]. I expect > it will be ready to commit to -CURRENT sometime next month. > > > I hope this information helps, > -- > Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org > > > [1] The primary deficiency is that the NetBSD nsswitch API is not quite > sufficient for all types of sources. Luke Mewburn <lukem@netbsd.org> > and I are hashing out an API that both platforms (FreeBSD and NetBSD) > will be able to use -- shortly after we have that settled, I think this > nsswitch implementation will be ready for -CURRENT. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0011141542560.92286-100000>