[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Novell Authentication and PPP

On 28 Oct 98, at 3:19, Seth Chaiklin wrote:

> I can see there are two modules available that could
> potentially provide this service: pam_nw_auth and pam_ncp.
> It appears that pam_nw_auth will satisfy this requirement, 
> while pam_ncp requires an entry in the /etc/passwd.
> But maybe pam_nw_auth's "documentation" is wrong.

You have to have an entry in /etc/passwd for pam_nw_auth

> Now my questions.
> (1) Has anyone actually tried to do something like this,
> with either of these modules?  If so, any tips, gotchas,
> problems to be aware of?

I tried both of these modules in a test environment. pam_ncp did 
not work for ppp because of a fork somewhere in the code. It has 
been some time ago, but I don't believe pam_ncp was being 
actively developed at the time. So I took a look at pam_nw_auth. It 
originally had the same problem, but Dave fixed it in the 0.4 
version, so it worked fine for ppp.

The problem I had with pam_nw_auth may have been fixed in the 
latest version (0.5)--I never got around to following up on it. My 
problem was it only checked one server. I had user accounts on 
several servers, and wanted it to check each one.

The other issue with pam_nw_auth is bindery vs. NDS mode. There 
was one report on this list that when linked against the latest 
libncp, it would work in NDS mode. I haven't tried that, but the 
message follows.

Bottom line, I think pam_nw_auth would be your best bet. If you 
only have one 4.1 server, and it is doing bindery emulation, then 
you should have no problems at all.

Good luck,

--------Forwarded Message-----------------
Date forwarded: 	22 May 1998 10:44:50 -0000
Date sent:      	Fri, 22 May 1998 12:44:07 +0200 (CEST)
From:           	Alexander List <alex@fhtupc154.tu-graz.ac.at>
Send reply to:  	alexlist@sbox.tu-graz.ac.at
To:             	pam-list@redhat.com
Copies to:      	bhammond@cba.uga.edu
Subject:        	pam_nw_auth works with NDS!
Forwarded by:   	pam-list@redhat.com



I don't know if anyone realized before that when pam_nw_auth is 
against the latest libncp from ftp://platan.vc.cvut.cz/pub/linux/ncpfs, 
will allow authentication via NDS (Netware 4) servers. The 
drawbacks still
are that the user needs to have a "starred" entry in /etc/passwd 
and that
usernames longer than eight characters won't work (my experience 
so far). 

I'd like Netware to supply not only "password OK yes/no", but also 
GID, group membership etc. Did anyone already think about 
something like

BTW, is there any info available on the net on how NDS user 
look like?

Best regards

Alex List

"Nobody will ever need more than 640k RAM!"
                           -- Bill Gates, 1981
"Windows 95 needs at least 8 MB RAM."
                           -- Bill Gates, 1996
"Nobody will ever need Windows 95."
                           -- logical conclusion


Alexander List @ HTU Graz, Rechbauerstr. 12, A-8010 Graz
Tel: +43-316-873-5111	Fax: +43-316-873-5115


PGP public key available via WWW or on request

Version: 2.6.3ia
Charset: latin1


Doug Kite            email: dkite@co.lenoir.nc.us
Network Administrator         phone: 252-559-6442
Lenoir County MIS               fax: 252-523-0371

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []