[Date Prev][Date Next]
Re: LDAP/mail interaction
On Thu, 15 Jul 1999, Stuart Lynne wrote:
> > On Wed, 14 Jul 1999, Jeff Clowser wrote:
> > > Second is that the side effect of this would be that users could also
> > > log into the machine, ftp to it, etc - they could use whatever other
> > > user based services are on that box, which could be bad.
> For large sealed server installations the extra levels of indirection you
> get with PAM probably introduce unneeded complexity and overhead. Going
> directly to the policy database is a good optimization.
Of course - there is no one perfect solution for everyone. The point I was
trying to make was that just because a user exists in a directory service and
your authentication subsystem is reconfigured to use that directory service,
does not automatically mean the user can login/FTP/etc. to the machine too.