
Re: Directory enabled distribution



> 
> BC> Ask and ye shall receive :) There is a pam_mkhomedir module that
> BC> was made for this purpose. It was written by one of the
> BC> debian-admins, and I will have it packaged very soon.
> 
> This is great news. We will get new computers for a computer lab here,
> and I can make 1/3 of the boxes Debian installations for comparison
> with Windows NT. Without a way to authenticate to existing databases I
> wouldn't be able to do it. And with this pam_mkhomedir module, I
> really think I can set up the thing to actually work :-)
> 
> Now I will start reading about pam and ldap.
> 

You may find that you can't use Netware's LDAP server to authenticate against.
Netware uses an authentication system which is more like Kerberos than the
simple 'please verify this password' system used within the current LDAP APIs
(apart from when they have been built with Kerberos support).

There is however a Netware RADIUS server, and I think there may be a
pam-radius module. You could potentially create users in the NDS and then
use Radius to authenticate them, and LDAP to find their attributes.

We are using the Netware Radius server, and I have used ldapsearch etc to
look briefly at the exported NDS, but have not yet attempted this level of
integration.

	John Lines

p.s. What would be really neat would be if Netware 5 would act as a Kerberos5
authentication server, as LDAP could then (possibly) authenticate against it.

p.p.s. There is a paper somewhere on the net by someone who integrated
Netware and Kerberos authentication - I think they arranged it so that if
you changed your Netware password it updated a Kerberos server, but it was
quite a while ago that I read it.


