heya,

On Wed, 2005-07-20 at 00:31 -0700, Bill Johnstone wrote:
> Under Gentoo, when using OpenLDAP and the pam_ldap and nss_ldap suite
> for user authorization and nameservices, what is the
> accepted/recommended solution for user account management? I'm
> referring specifically to native programs at the command-line, and
> equivalent to the standard shadow suite tools, not something like
> phpldapadmin.

Well, by putting your accounts into LDAP you really should be using LDAP
management tools to manage it.

> I've noticed that typical programs such as chsh or chfn have PAM config
> files -- can PAM tricks be used to make them work with the fields
> accessible via nss_ldap?

They can be, but personally I would recommend against it. The reason for
this is that in order to do so you have to set up a user that can write
to any of your users' attributes (i.e. in effect a root-style user) and
store that password in a file on the system. The security implications
of that bother me, so personally I don't empower the old-style unix
command line tools to do things like write back to the DIT in that
fashion.

> Also, there do seem to be packages listed in the database, such as
> "cpu" and "diradm" that augment or replace the standard shadow suite to
> deal with the data via LDAP. However, none of these are marked as
> available on amd64. Why is that, and is there any way I can request or
> help with the packages being made available and tested on amd64?

They are all LDAP management tools, NOT replacements for unix commands.

As to why they are not available on amd64, can't help there, sorry.

regards,

Benjamin Smee (strerror)

--
gentoo-server@g.o mailing list
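
The stored-credential concern raised in the reply can be checked on a host. The script below is an added example, not part of the original thread: it reports whether a pam_ldap configuration names a privileged bind DN and whether the matching password file is readable beyond its owner. The `rootbinddn` directive and the `/etc/ldap.conf` and `/etc/ldap.secret` paths are pam_ldap's usual defaults and are assumptions here, since the thread names no files; the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit a pam_ldap/nss_ldap host for a stored privileged bind
# credential. Typical call (assumed default paths, may differ per distribution):
#   audit_rootbind /etc/ldap.conf /etc/ldap.secret

# audit_rootbind CONF SECRET
# Returns 0 if no privileged credential is stored, 1 if one is stored with
# owner-only permissions, 2 if group or other can access the secret file.
audit_rootbind() {
    conf=$1
    secret=$2
    # rootbinddn: the DN used for binding when running with effective UID root.
    dn=$(sed -n 's/^[[:space:]]*rootbinddn[[:space:]][[:space:]]*//p' "$conf" | head -n 1)
    if [ -z "$dn" ]; then
        echo "OK: no rootbinddn configured in $conf"
        return 0
    fi
    echo "NOTE: rootbinddn is '$dn'; review what it may write in the directory"
    if [ ! -e "$secret" ]; then
        echo "OK: $secret not present, no stored password"
        return 0
    fi
    # Characters 5-10 of the ls -l mode string are the group and other bits.
    go_bits=$(ls -ld "$secret" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "FAIL: $secret is accessible to group/other ($go_bits)"
        return 2
    fi
    echo "WARN: privileged bind password is stored on disk in $secret"
    return 1
}

# Constructed sample: a temporary directory standing in for /etc.
demo() {
    d=$(mktemp -d)
    printf 'base dc=example,dc=org\nrootbinddn cn=Manager,dc=example,dc=org\n' > "$d/ldap.conf"
    printf 'constructed-password\n' > "$d/ldap.secret"
    chmod 644 "$d/ldap.secret"
    loose=0; audit_rootbind "$d/ldap.conf" "$d/ldap.secret" || loose=$?
    chmod 600 "$d/ldap.secret"
    tight=0; audit_rootbind "$d/ldap.conf" "$d/ldap.secret" || tight=$?
    rm -rf "$d"
    echo "loose=$loose tight=$tight"
}
demo
```

Even the owner-only case returns non-zero on purpose: tight permissions limit who can read the password, but the root-style credential is still on the machine.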