[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: schema for NSS LDAP with not all accounts active


On Fri, Mar 30, 2001 at 10:15:24AM +1000, Russell Coker wrote:
> On Friday 30 March 2001 08:55, Russell Coker wrote:
> > Good point.  The problem is that the NSS interface doesn't allow for such
> > things so you would have to use pam_ldap for all authentication (no big
> > deal just a minor PITA to change all the /etc/pam.d files and keep them
> > maintained).  Then what we need is an option for pam-ldap to specify which
> > filter should be used.
I think using pam_ldap in favor the NSS interface isn't a big problem.

> The down-side to this is that you need a separate config file for each 
> service that is to be independantly controlled.  However it shouldn't be to 
> difficult to create these with M4 macros.
Well, at least that's an solution. However I don't like it too much, to
have a whole bunch of config files lying around. If I find the time
(imagine the if written in real big letters), I will try to implement this
in pam_ldap, where it belongs (IMHO).

Anyway, thanks for this solution, I will incorporate this in my existing
configuration as well

MfG/Regards, Alexander

Alexander Reelsen   http://joker.rhwd.de
ref@linux.com       GnuPG: pub 1024D/F0D7313C  sub 2048g/6AA2EDDB
ar@rhwd.net         7D44 F4E3 1993 FDDF 552E  7C88 EE9C CBD1 F0D7 313C
Securing Debian:    http://joker.rhwd.de/doc/Securing-Debian-HOWTO

Reply to: