i have configured webmin to use pam (and through that /etc/passwd or ldap, depending on the where the user is stored).
That means that we can have the best of both worlds: root can remain in /etc/passwd, outside ldap, and the common user masses can use their ldap passwords. this has nothing to do with wlus, though. it is pure configuration work in the webmin config files. is cfengine easy to use? i could take a shot at it. is someone familiar with cfengine and on irc regularly? then we could do this together in a few minutes. it would help to know which webmin modules should be user-accessible. anyone thought about this? what do teachers need? or jradmins? is there a URL with a list?
