[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Host based authentication using OpenLDAP

To: openldap-technical@openldap.org
Subject: Re: Host based authentication using OpenLDAP
From: Per Kristiansen <perk@funcom.com>
Date: Wed, 20 May 2009 17:57:03 +0200
In-reply-to: <4A135A7C.2060301@symas.com>
References: <27142091.731242765919826.JavaMail.root@mail> <4A135A7C.2060301@symas.com>
User-agent: Thunderbird 2.0.0.21 (Windows/20090302)

Howard Chu wrote:
> ACLs for nss_ldap is not the way to handle this. It needs to be done in
> the PAM account management handlers, and pam_ldap's support for that is
> pretty weak. In particular, it doesn't support centrally configuring
> access to services on groups of hosts. The PAM support in nssov is a lot
> better in this area and can do what the original poster wants; I just
> haven't written an example ACL for this feature in the docs yet.

Ahh..how far would you say this is from being mature enough to run in an
production environment ?

I've just read the README and finished uncurling from my fetus like
position afterwards (thanks for helping me keeping Alzheimer's at bay
btw :) ) and yes this sounds very much like what I want.

right now I'm writing a few scripts to create the ACL's using the
existing setup. Not NEARLY as smooth as want I want but at least it will
allow me to roll out LDAP for authentication now.

The goal here is to have ONE place where we set these things, and of
course to give me more time to think about stuff instead of actually
doing stuff :).

I will be trying to set up nssov on my test farm over the weekend, so I
might just possibly be whining here later for some help :)

-- 
Per

References:
- Re: Host based authentication using OpenLDAP
  - From: Gavin Henry <ghenry@suretecsystems.com>
- Re: Host based authentication using OpenLDAP
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Host based authentication using OpenLDAP
Next by Date: Re: Host based authentication using OpenLDAP
Index(es):
- Chronological
- Thread