Re: pam_gina, ldap_gina



GINA is not the right place, unless you want to deal with 
creating local accounts on every workstation for every
user that logs into an LDAP account. It is more analogous
to PAM than NSS, and you need both really to replace
flat files under UNIX.

The right place is the LSA, and that's essentially what
W2K does, except that AFAIK it retrieves the authorization
information (user, group SIDs) from the PAC rather than
directly from the LDAP server in Active Directory.

Still, NISGINA apparently works fine for some people;
that would be a good starting point for an LDAP GINA
if you wished to implement one.

-- Luke

--
Luke Howard | lukeh@padl.com
PADL Software | www.padl.com