[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication & Login sessions

>The problem can be solved using AF_UNIX type sockets instead of network
>transport, which solves a lot of issues so far as credentials go. This

As Howard mentioned, we added support for this to OpenLDAP some time

>(understandably) does not support authenticated access, it too is not a
>suitable mechanism. The only option I can think of is to use kerberos, but
>before requiring kerberos as part of this equation I thought I'd ask to
>see if anyone has done any development along these lines, or perhaps
>someone has other helpful comments.

What about something like ssh-agent on the client that keeps some
credentials around? IIRC HP were doing something like this with their
pam_ldap module.

-- Luke

Luke Howard | Darwin Developer | PADL Software Pty Ltd
www.padl.com | lukeh@darwin.apple.com | lukeh@padl.com