
Re: Further work on LDAP passwords (working on an ldap-adduser).



vandeveb@letu.edu writes:

> Yup, it's at http://www.umich.edu/~dirsvcs/ldap/doc/guides/slapd/

Thanks.  I don't know how I overlooked that.

I noticed in the README for libpam-ldap that you need to use some
secure socket mechanism if you really want an ldap setup to be secure.
Is there a doc somewhere that explains the best way to set that up?
The README mentions several alternatives (CRAM-MD5 and SSL/TLS), but I
don't know enough to know which would be preferable or how to set them
up.

Also, I'm wondering if it would be useful (if it hasn't been done
already) to generate chsh and chfn replacements (like the passwd one)
to handle changing the attributes in the ldap server rather than
locally when the user's info is in ldap.  I suppose this would require
augmentation of the pam-apps package...

Is there any overriding plan to integrate all this stuff?  What would
be nearly ideal is if there were a config file somewhere where you
could just tell the system that all user accounts should be handled by
ldap and have all the appropriate tools do the right thing.  This
looks like the direction things are going with libpam-ldap, but I
didn't know if that was the final goal.

Thanks

-- 
Rob Browning <rlb@cs.utexas.edu> PGP=E80E0D04F521A094 532B97F5D64E3930

