[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP authenticaton against PAM how-to



Michael Ströder <michael@stroeder.com> wrote:

> Off course answering questions on the list is contributing to the
> project. But contributing to docs would mean you identify the place in
> the docs where your information should be added, you improve your
> information according to the list's feedback, you either provide a patch
> or file an ITS with sufficient information.

Sure, I'm very interested by feedback on the actual content on the
document. Here are the feedbacks I gathered so far:

1) I used deprecated features, but I was not told which was the
deprecated features

2) I document only a small part of SASL capacities. I'm aware of that.
The scope of the document was just to explain how to validate a
login/password against a random PAM authentication source. It's better
than nothing.

3) Doing authentication that way is The Wrong Way, I should
authentitcate against LDAP or Kerberos. Well, it would certainly be
better to do that, but is it completely unreasonnable to start using
OpenLDAP without refactoring the world around it? Migration paths can go
through harsh flag days or through softer incremental steps. I'm
convinced that setting up an LDAP authentication against PAM can help
people that try to make a small incremental step.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org