Re: Feature request (pam/nss ldap, nsswitch ldap integration)

From: *** Davies (rasputnik_at_hellooperator.net)
Date: 10/30/04

  • Next message: Martes Wigglesworth: "EHCI Kernel Panic w/ 5.2.1-RELEASE Kernel" 
    Date: Sat, 30 Oct 2004 13:49:28 +0100
To: FreeBSD Hackers <freebsd-hackers@freebsd.org>

    * Joerg Sonnenberger <joerg@britannica.bec.de> [1043 12:43]:
    > On Sat, Oct 30, 2004 at 12:20:58PM +0100, *** Davies wrote:
    > > Trouble is openldap is one of those things everyone wants to configure
    > > themselves - do you enable SASL support or not, what backends do you use
    > > etc?
    >
    > IIRC SASL is pretty mandatory to correctly implement LDAP v3. Bigger
    > question is GSSAPI (Kerberos 5!) and the backend.
    >
    > [..]
    > > And it raises other questions, for example how do you handle mergemaster
    > > when half your accounts are in LDAP and not the system databases?
    >
    > You should _not_ put system accounts into LDAP, that's that just wrong.
    > So having them in the local database (whatever type that is) should work
    > fine with mergemaster.

    I can see why you say that, but there are times when it's useful (rsyncing
    between different OSes for starters where you want to preserve permissions,
    for example - you don't have to ensure that all /etc/passwd, /etc/shadow, whatever
    happen to have the same uid listed in this case). 

    -- 
The pie is ready. You guys like swarms of things, right? - Bender
Rasputin :: Jack of All Trades - Master of Nuns
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
  • Next message: Martes Wigglesworth: "EHCI Kernel Panic w/ 5.2.1-RELEASE Kernel"
    • Quantcast