[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Novell Authentication and PPP

I'm dealing with this same issue, so I'll respond...

We run NIS on our Netware servers for some other purposes, so we're going 
to wind up completely populating the passwd map.  Then it's a simple case 
of using pam_nw_auth for authentication.

sethlist@pc126.psy.aau.dk said:
> It is clearly an advantage if the linux server could use the Netware
> database for authentication, because once a person is in the Novell
> system, then they could automatically have access to the PPP system,
> without having to create an entry in the linux password database.

> I can see there are two modules available that could potentially
> provide this service: pam_nw_auth and pam_ncp.

> It appears that pam_nw_auth will satisfy this requirement,  while
> pam_ncp requires an entry in the /etc/passwd. But maybe pam_nw_auth's
> "documentation" is wrong.

No, it's not wrong.  You're just interpreting it wrong.  Maybe it just 
needs to be more clear.

> Now my questions.

> (1) Has anyone actually tried to do something like this, with either
> of these modules?  If so, any tips, gotchas, problems to be aware of?

One difference is that pam_ncp wants a '*' in the encrypted password 
field, while pam_nw_auth doesn't care what's in there.  Also note that 
pam_nw_auth wants the ncpfs source to build, so when NDS integration is 
done there, so will it be in pam_nw_auth.  I assume you'd have to do some 
work to reintegrate changes into pam_ncp.

> (2) Both these modules are built around ncpfs.  Recently Caldera made
> their nwclient freely available.  Has anyone tried to use these
> modules (or modify them) in relation to the Caldera client?

> (3) are there any opinions about the reliability of pam_nw_auth vs.
> pam_ncp? (from looking at the source code, they are built up from
> pam_unix_auth, so perhaps not much difference.)

> (4) Are there other modules available that should also be considered?

> (5) I realize that I just have to try it, but sometimes it is good to
> have some theory before practice. In fact, I have used pam_nw_auth
> successfully with login, so I am not asking for setup details, as much
> as trying to learn from the experience and wisdom of others. 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []