[K12OSN] Ldap + smb auth?

Les Mikesell les at futuresource.com
Fri Feb 11 18:06:51 UTC 2005


On Fri, 2005-02-11 at 11:43, Henry Burroughs wrote:
> That's an interesting idea.  I don't see why it wouldn't work.  For
> example you could probably write a PAM backend to read the passwords
> from a plaintext file (why you would do this, I don't know).... The only
> thing would be creating the ldap user when you add a new Active
> Directory user.

You probably already have everything you need to create the accounts in
some electronic format that can be exported to make the ldap entry.  If
you remove the password, you avoid a lot of issues in passing these
files around and password changes only need to be done in one place.
I'm not sure about the LDAP password attributes, but there is a minimum
length requirement for local /etc/passwd (shadow) fields so you can
use a '*' or '!!' as a "won't work" filler that forces PAM to try
the next mechanism.  I think the only thing I'm running that doesn't use
PAM is cvs and I only have a small number of people using it so I
just have them update their Linux passwords too.  For everyone else
the Linux password doesn't work and authentication works via smb.
But, it would be even nicer to have the Linux account info in LDAP.

-- 
  Les Mikesell
   les at futuresource.com
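An added example, not part of the original message: a small audit of shadow-format entries that confirms local password fields hold a "won't work" filler such as `*` or `!!`, so that only the later mechanism (smb in the message above) can authenticate those accounts. The sample entries are constructed, and the account names and the `allowed_local` allow-list are assumptions for illustration.

```python
# Constructed sample in /etc/shadow layout (name:password:...); not real accounts.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:12800:0:99999:7:::
alice:!!:12800:0:99999:7:::
bob:*:12800:0:99999:7:::
cvsuser:$1$constructed$constructedhash:12800:0:99999:7:::
carol::12800:0:99999:7:::
dave:!$1$constructed$constructedhash:12800:0:99999:7:::
"""


def classify(field):
    """Classify the password field of one shadow entry."""
    if field == "":
        return "empty"    # no local password required at all
    if field[0] in "*!":
        return "locked"   # cannot equal any crypt(3) output, so the local check fails
    return "hash"         # treated as a usable local password (conservative)


def audit(shadow_text, allowed_local=frozenset()):
    """Return (user, status) for accounts whose local password is not a filler.

    allowed_local is a hypothetical allow-list for accounts that are meant to
    keep a working local password (for example users of a non-PAM service).
    Empty password fields are always reported, allow-listed or not.
    """
    findings = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            findings.append((line, "malformed"))
            continue
        user, status = parts[0], classify(parts[1])
        if status == "empty" or (status == "hash" and user not in allowed_local):
            findings.append((user, status))
    return findings


if __name__ == "__main__":
    for user, status in audit(SAMPLE_SHADOW, {"root", "cvsuser"}):
        print(f"{user}: local password field is '{status}'")
```

On a real host the same functions can be given the contents of `/etc/shadow`, read as root, in place of the constructed sample.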




