Re: schema for NSS LDAP with not all accounts active

To: Russell Coker <russell@coker.com.au>
Cc: debian-isp@lists.debian.org
Subject: Re: schema for NSS LDAP with not all accounts active
From: Alexander Reelsen <ar@rhwd.net>
Date: Fri, 30 Mar 2001 10:54:08 +0200
Message-id: <[🔎] 20010330105408.A19072@joker.rhwd.owl.de>
Mail-followup-to: Russell Coker <russell@coker.com.au>, debian-isp@lists.debian.org
In-reply-to: <[🔎] 0103301015240D.00685@lyta>; from russell@coker.com.au on Fri, Mar 30, 2001 at 10:15:24AM +1000
References: <[🔎] 01032910033900.00685@lyta> <[🔎] 20010329143323.A5609@joker.rhwd.owl.de> <[🔎] 0103300855270A.00685@lyta> <[🔎] 0103301015240D.00685@lyta>

Hi

On Fri, Mar 30, 2001 at 10:15:24AM +1000, Russell Coker wrote:
> On Friday 30 March 2001 08:55, Russell Coker wrote:
> > Good point.  The problem is that the NSS interface doesn't allow for such
> > things so you would have to use pam_ldap for all authentication (no big
> > deal just a minor PITA to change all the /etc/pam.d files and keep them
> > maintained).  Then what we need is an option for pam-ldap to specify which
> > filter should be used.
I think using pam_ldap in favor the NSS interface isn't a big problem.

> The down-side to this is that you need a separate config file for each 
> service that is to be independantly controlled.  However it shouldn't be to 
> difficult to create these with M4 macros.
Well, at least that's an solution. However I don't like it too much, to
have a whole bunch of config files lying around. If I find the time
(imagine the if written in real big letters), I will try to implement this
in pam_ldap, where it belongs (IMHO).

Anyway, thanks for this solution, I will incorporate this in my existing
configuration as well


MfG/Regards, Alexander

-- 
Alexander Reelsen   http://joker.rhwd.de
ref@linux.com       GnuPG: pub 1024D/F0D7313C  sub 2048g/6AA2EDDB
ar@rhwd.net         7D44 F4E3 1993 FDDF 552E  7C88 EE9C CBD1 F0D7 313C
Securing Debian:    http://joker.rhwd.de/doc/Securing-Debian-HOWTO

Reply to:

Follow-Ups:
- Re: schema for NSS LDAP with not all accounts active
  - From: Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl>

References:
- schema for NSS LDAP with not all accounts active
  - From: Russell Coker <russell@coker.com.au>
- Re: schema for NSS LDAP with not all accounts active
  - From: Alexander Reelsen <ar@rhwd.net>
- Re: schema for NSS LDAP with not all accounts active
  - From: Russell Coker <russell@coker.com.au>
- Re: schema for NSS LDAP with not all accounts active
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: schema for NSS LDAP with not all accounts active
Next by Date: Re: schema for NSS LDAP with not all accounts active
Previous by thread: Re: schema for NSS LDAP with not all accounts active
Next by thread: Re: schema for NSS LDAP with not all accounts active
Index(es):
- Date
- Thread