[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP-based authentication with the d-i?

On Fri, Jun 18, 2004 at 11:56:22AM +0200, Giuseppe Sacco wrote:
> Il Fri, Jun 18, 2004 at 10:21:08AM +0200, Fabio Tranchitella ha scritto:
> [...]
> > [Petter Reinholdtsen]
> > > As far as I know, this is not currently possible to do using the
> > > installation methods in d-i.
> > > I would very much like to have this as well.  We do this using config
> > > file rewrites in debian-edu, but would rather use debconf preseeding.

> > Can it be done? So, can I implement it in d-i?
> > Or better, would be useful if I try to implement it?

> > Yes, I know that 90% of users don't use LDAP-based authentication, but
> > IMHO this can be a very very important feature for a quick setup of a
> > large debian-based workstation network...

> I would *really* love to see such a feature implemented in d-i. I do
> understand that it is possible to do it after the installation is complete
> but I would like that d-i would be able to leave the machine
> completely installed without requiring some other post install setup,
> at least for "simple" or "client" install.

> If you'll start working at it, I would like to partecipate.

Well, there's more to this than just package selection.  Even if udebs
aren't required to be policy-compliant packages, d-i (as an installer
distributed by Debian) is still somewhat constrained by policy -- such
as the requirement to not modify conffiles.  LDAP support requires
changes to /etc/nsswitch.conf, which is a conffile.

The PAM config file handling was reworked last year precisely to allow
better integration of LDAP, KRB5, or other auth mechanisms; I'd love to
see someone work on a PAM module configurator which leverages this.
Maybe once that's done, we can talk about how nsswitch.conf needs to be

Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to: