[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: User account policies

To: Michael Fuller <fullerms@hotmail.com>
Subject: Re: User account policies
From: David Wright <ichbin@shadlen.org>
Date: Thu, 11 Jul 2002 11:50:55 -0700 (PDT)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <DAV63ONgCJinoHLhbka000027f6@hotmail.com>

> Would it not be easier to just use the built in LDAP authentication modules
> for freeRadius and Squid ? Anyway, how do I implement my requirements ?

I authenticate perhaps a dozen services using LDAP. Maybe 4 of those offer
their own LDAP authentication routines; most just implement PAM. I use PAM
and pam_ldap for all of them, because

1) Doing so allows me to learn 1 syntax and behavior instead of 5.

2) Using PAM allows me to insert other modules (e.g. pam_cracklib) which
provide additional functionality.

3) Writing code for authentication is more dicy than it seems at first
blanch. pam_ldap is well-maintained and written with security in mind.
Many off the LDAP modules for other services are thrown together and
rarely looked at. I trust pam_ldap more.

References:
- Re: User account policies
  - From: "Michael Fuller" <fullerms@hotmail.com>

Prev by Date: Storing SASL secrets in the directory
Next by Date: compile library Windows
Index(es):
- Chronological
- Thread