> You have to understand that nss doesn't actually support the interfaces
> autofs needs. We would have to extend the API and get that approved by
> the libc folks (which they have actually agreed to do, should we choose
> that route).
>

Yes, I have heard the libc API needs some extension....

> Now, the reason autofs doesn't use the SASL and TLS configuration
> options from the ldap.conf file is simply that autofs has no business
> parsing that file. Autofs *does* use the ldap library, so whatever
> you've configured in /etc/openldap/ldap.conf should work for autofs.
>
>

Ok, let me explain in detail what I was after, actually:
In my company, we use Centrify (www.centrify.com) DirectControl to integrate Linux RHEL boxes into Win 2003 Active Directory. Now, in Centrify they did quite an amount of work to make everything work nicely:

1) They provide the system with their own set of libnss_centrifydc libraries so you can use them in nsswitch.conf like this:

   passwd centrifydc files
   group centrifydc files

2) The libnss_centrifydc library does all the heck with communicating with AD. AD is nothing strange, having it extended with RFC 2307 attributes, it behaves like a normal LDAP server. What the libnss_centrifydc does for you is a SASL encrypted channel with the Windows domain controller - something PAINFUL (if possible) to do with a plain libnss_ldap.

3) The libnss_centrifydc will also provide you with a Kerberos principal so that SASL is possible for other apps ...

4) That means that I can gather all necessary info securely from AD. But the automounter.

How perfect would it be if I could just add:

   automount centrifydc files

in my nsswitch.conf to add support for automounter, too!

I know, both libc and centrify folks would have to be informed and API changed to support autofs in general, but the benefit would be massive for me - I could solely rely on centrifydc_nss and encrypted SASL channel for everything. Now, I have to feed automounter via NIS which is something I would like to get rid of, if possible.

I understand I do not care as much about Centrify, but hopefully it will give you some explanation why I (and other system integrators too) would welcome the libc & autofs merge.

Ondrej

> I hope this helps.
>
> Cheers,
>
> Jeff
>

_______________________________________________
autofs mailing list
http://linux.kernel.org/mailman/listinfo/autofs
