1 |
On Tuesday, June 14, 2005 2:44 pm, Paul de Vrieze wrote: |
2 |
> You know that the "normal" way of doing this is to use ldap and krb5 |
3 |
|
4 |
In my opinion, LDAP, by design, is a piece of garbage. I understand the |
5 |
principle of its design, however I've never found that design to be |
6 |
beneficial for my needs. Before I made the switch to a MySQL-backed database |
7 |
to store the account information, I was using OpenLDAP; it just couldn't do |
8 |
the job. |
9 |
|
10 |
|
11 |
> pam_ldap, mod_auth_pam, apache2, and mod_dav_svn seem to not be able to |
12 |
> work together reliably. There is some kind of strange issue there that's |
13 |
> very hard to diagnose. Using direct ldap authentication does work. |
14 |
|
15 |
It's not the user authentication that's the problem, but rather that NSVS |
16 |
denies shadow access (appropriately) even though I don't personally need that |
17 |
requirement. I think, after a night's rest and a bit of thought, that I'll |
18 |
just add a USE flag to the NSVS ebuild to allow users to patch out that |
19 |
built-in restriction. |
20 |
|
21 |
|
22 |
-- |
23 |
Anthony Gorecki |
24 |
Ectro-Linux Foundation |