| 1 |
heya, |
| 2 |
|
| 3 |
On Wed, 2005-07-20 at 00:31 -0700, Bill Johnstone wrote: |
| 4 |
> Under Gentoo, when using OpenLDAP and the pam_ldap and nss_ldap suite |
| 5 |
> for user authorization and nameservices, what is the |
| 6 |
> accepted/recommended solution for user account management? I'm |
| 7 |
> referring specifically to native programs at the command-line, and |
| 8 |
> equivalent to the standard shadow suite tools, not something like |
| 9 |
> phpldapadmin. |
| 10 |
|
| 11 |
Well by putting your accounts into LDAP you really should be using LDAP |
| 12 |
management tools to manage it. |
| 13 |
|
| 14 |
> I've noticed that typical programs such as chsh or chfn have PAM config |
| 15 |
> files -- can PAM tricks be used to make them work with the fields |
| 16 |
> accessible via nss_ldap? |
| 17 |
|
| 18 |
They can be but personally I would recommend against it. The reason for |
| 19 |
this is that in order to do so you have to setup a user that can write |
| 20 |
to any of your users attributes (ie in effect a root style user) and |
| 21 |
store that password in a file on the system. The security implications |
| 22 |
of that bother me so personally I don't empower the old style unix |
| 23 |
command line tools to do things like write back to the DIT in that |
| 24 |
fashion. |
| 25 |
|
| 26 |
> Also, there do seem to be packages listed in the database, such as |
| 27 |
> "cpu" and "diradm" that augment or replace the standard shadow suite to |
| 28 |
> deal with the data via LDAP. However, none of these are marked as |
| 29 |
> available on amd64. Why is that, and is there any way I can request or |
| 30 |
> help with the packages being made available and tested on amd64? |
| 31 |
|
| 32 |
They are all LDAP management tools NOT replacements for unix commands. |
| 33 |
|
| 34 |
As to why they are not available on amd64 can't help there sorry. |
| 35 |
|
| 36 |
regards, |
| 37 |
|
| 38 |
Benjamin Smee (strerror) |
| 39 |
|
| 40 |
-- |
| 41 |
gentoo-server@g.o mailing list |
Archives