
Re: LDAP/mail interaction



David J N Begley wrote:

> On Wed, 14 Jul 1999, Jeff Clowser wrote:
>
> > Second is that the side effect of this would be that users could also
> > log into the machine, ftp to it, etc - they could use whatever other
> > user based services are on that box, which could be bad.
>
> Argh.. hit send too quickly.  You can "play games" to have the users "exist"
> (for services like email - Sendmail, etc.) on the Unix machine (i.e., they
> still must have UIDs and such) without actually letting them log in (so
> home directories may not exist, or something).
>
> For example - PAM-based systems can selectively use (or not) the remote
> directory service (LDAP) on an application-by-application basis;  things like
> FTP and TELNET could be told to only use the local /etc/passwd files, whilst
> POP daemons would use /etc/passwd files and a remote LDAP service (thus,
> LDAP-only users could log in to check mail, but couldn't FTP or TELNET into the
> machine).

True - I've read and researched a lot of this,
so haven't put it into practice, so some of my
concerns are out of ignorance and really won't
be a problem.

On a side note, my experience with Irix is from
back in the days of Irix 5.x.  Just found that
with Irix 6.x, LDAP is built in as an /etc/passwd
replacement, which is very cool - 90% of the
problem is already solved.

Also want to thank all the people who responded
back - it's amazing how much great feedback this
list provides.

--
 Jeff Clowser
 mailto:jclowser@aerotek.com       Hanover MD  21076 USA
 Phone: (410)-579-4328             7312 Parkway Drive
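
The per-application PAM selection described in the quoted reply only holds if no local-only service reaches the LDAP module indirectly. As an added example (not part of the original message), this Python check parses PAM service files and lists services outside an allow-list whose auth stack can reach pam_ldap.so, following include lines; the file names and contents are constructed samples.

```python
import re

# Constructed /etc/pam.d contents (file name -> text); names are hypothetical.
SAMPLE_PAM_D = {
    "mail-auth": "auth sufficient pam_ldap.so\n"
                 "auth required pam_unix.so try_first_pass\n",
    "pop3": "#%PAM-1.0\nauth include mail-auth\naccount required pam_unix.so\n",
    "ftp": "#%PAM-1.0\nauth required pam_unix.so\naccount required pam_unix.so\n",
    # Mistake to catch: a login service that inherits LDAP through an include.
    "telnet": "#%PAM-1.0\nauth include mail-auth  # copied from pop3\n",
}

RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def reachable(service, files, path=()):
    """Set of (type, module) pairs in a service's stacks, following includes."""
    if service in path or service not in files:  # include cycle or missing file
        return set()
    path += (service,)
    found = set()
    text = files[service].replace("\\\n", " ")  # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "@include":  # Debian-style, all types
            found |= reachable(parts[1], files, path)
            continue
        m = RULE.match(line)
        if not m:
            continue
        kind, control, target = m.groups()
        if control in ("include", "substack"):  # only same-type lines apply
            found |= {p for p in reachable(target, files, path) if p[0] == kind}
        else:
            found.add((kind, target.rsplit("/", 1)[-1]))
    return found

def ldap_exposed(files, allowed, module="pam_ldap.so"):
    """Services not in `allowed` whose auth stack can reach the LDAP module."""
    return sorted(s for s in files
                  if s not in allowed and ("auth", module) in reachable(s, files))

if __name__ == "__main__":
    print(ldap_exposed(SAMPLE_PAM_D, allowed={"pop3", "mail-auth"}))
```
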