[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP/mail interaction

To: Stuart Lynne <sl@fireplug.net>
Subject: Re: LDAP/mail interaction
From: David J N Begley <david@avarice.nepean.uws.edu.au>
Date: Fri, 16 Jul 1999 03:47:27 +1000 (EST)
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <19990715104241.63843@fireplug.net>

On Thu, 15 Jul 1999, Stuart Lynne wrote:

> > On Wed, 14 Jul 1999, Jeff Clowser wrote:
> > 
> > > Second is that the side effect of this would be that users could also
> > > log into the machine, ftp to it, etc - they could use whatever other
> > > user based services are on that box, which could be bad.
[...]
> For large sealed server installations the extra levels of indirection you
> get with PAM probably introduce unneeded complexity and overhead. Going
> directly to the policy database is a good optimization.

Of course - there is no one perfect solution for everyone.  The point I was
trying to make was that just because a user exists in a directory service and
your authentication subsystem is reconfigured to use that directory service,
does not automatically mean the user can login/FTP/etc. to the machine too.

Cheers..

dave

References:
- Re: LDAP/mail interaction
  - From: Stuart Lynne <sl@fireplug.net>

Prev by Date: Re: LDAP/mail interaction
Next by Date: Re: LDAP/mail interaction
Index(es):
- Chronological
- Thread