| 1 |
On Tuesday, June 14, 2005 2:44 pm, Paul de Vrieze wrote: |
| 2 |
> You know that the "normal" way of doing this is to use ldap and krb5 |
| 3 |
|
| 4 |
In my opinion, LDAP, by design, is a piece of garbage. I understand the |
| 5 |
principle of its design, however I've never found that design to be |
| 6 |
beneficial for my needs. Before I made the switch to a MySQL-backed database |
| 7 |
to store the account information, I was using OpenLDAP; it just couldn't do |
| 8 |
the job. |
| 9 |
|
| 10 |
|
| 11 |
> pam_ldap, mod_auth_pam, apache2, and mod_dav_svn seem to not be able to |
| 12 |
> work together reliably. There is some kind of strange issue there that's |
| 13 |
> very hard to diagnose. Using direct ldap authentication does work. |
| 14 |
|
| 15 |
It's not the user authentication that's the problem, but rather that NSVS |
| 16 |
denies shadow access (appropriately) even though I don't personally need that |
| 17 |
requirement. I think, after a night's rest and a bit of thought, that I'll |
| 18 |
just add a USE flag to the NSVS ebuild to allow users to patch out that |
| 19 |
built-in restriction. |
| 20 |
|
| 21 |
|
| 22 |
-- |
| 23 |
Anthony Gorecki |
| 24 |
Ectro-Linux Foundation |
Archives