Re: User account policies

> Would it not be easier to just use the built-in LDAP authentication modules
> for FreeRADIUS and Squid? Anyway, how do I implement my requirements?

I authenticate perhaps a dozen services using LDAP. Maybe 4 of those offer
their own LDAP authentication routines; most just implement PAM. I use PAM
and pam_ldap for all of them, because

1) Doing so allows me to learn 1 syntax and behavior instead of 5.

2) Using PAM allows me to insert other modules (e.g. pam_cracklib) which
provide additional functionality.

3) Writing code for authentication is more dicey than it seems at first
blush. pam_ldap is well-maintained and written with security in mind.
Many of the LDAP modules for other services are thrown together and
rarely looked at. I trust pam_ldap more.
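
Added example, not part of the original message: a PAM stack of the kind point 2 describes, with pam_cracklib placed ahead of pam_ldap so the quality check runs before the directory is updated. The service file name and the pam_cracklib option values are assumptions chosen for illustration.

```conf
# /etc/pam.d/example-service   (hypothetical service name; constructed example)
# Each PAM-aware service gets a file like this, so the same syntax and
# the same pam_ldap behaviour apply to every service that uses PAM.

# Authentication and account checks go to the directory via pam_ldap.
auth      required    pam_ldap.so
account   required    pam_ldap.so

# Password changes: pam_cracklib vets the new password first.
# "requisite" stops the stack at once if the check fails, so a rejected
# password never reaches pam_ldap.
# retry/minlen/difok values below are illustrative assumptions.
password  requisite   pam_cracklib.so retry=3 minlen=12 difok=3

# use_authtok makes pam_ldap write the password pam_cracklib already
# accepted instead of prompting for a new one.
password  required    pam_ldap.so use_authtok
```

The password lines only matter for services that let users change passwords; a service that only authenticates uses the auth and account lines.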