Re: Question on Ldap
This is a discussion on Re: Question on Ldap within the lucky.openbsd.tech forums, part of the OpenBSD category; --> Antoine Jacoutot wrote: >Selon Nicholas Basila <mlists@northglobe.com>: > > >>I understand the purpose of nsswitch, but it seems like ...
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-22-2008, 11:15 AM
| ||||
| ||||
 Re: Question on Ldap Antoine Jacoutot wrote: >Selon Nicholas Basila <mlists@northglobe.com>: > > >>I understand the purpose of nsswitch, but it seems like PAM is taking on >>more roles and I think pam is a better choice for the long run. Having >>all the user related tools optionally aware of PAM would be pretty handy. >> >> > >I don't think they serve the same purpose. >Pam is used to authenticate (OpenBSD used bsd_auth for that) to a defined source >(passwd, ldap...). >nsswitch is used for name service (ex. getpwnam to get the attributes of a user >; from passwd, ldap...). > >If I'm not mistaken, you can think of it as PAM/bsd_auth for password >authentication and nsswitch for the rest (gecos, uid, gid...). Although you can >use an nsswitch only setup to authenticate users (against an ldap directory for >exemple), it is not recommanded. > >As far as I know nsswitch is not supported (yet ?) under OpenBSD. > >But don't take my word for it, I might be saying total craps... > >Antoine > > > > > True, but it seems that PAM is taking on additional responsibilities all the time. If this is the trend, perhaps it'd be nice to have all of this in the same place. Oh well, it will probably never happen. Nicholas      |
Linear Mode
