On Mon, Sep 08, 2003 at 10:28:17PM -0500, Dan Nelson wrote: > In the last episode (Sep 08), Tillman Hodgson said: > > > > I'm a bit biased, however: I use NIS with Kerberos and think it's the > > > > cats pajamas :-) > > > > > > This sounds exactly like what we are looking for. Can you point us > > > to any docs explaining how you do this?? > > > > The rough instructions are fairly simple: > > > > * Set up Kerberos and ensure you have a working realm > > * Set up NIS, but set all the passwd fields to something that doesn't > > map to a real password (I like 'krb5', others like '*') > > You can do something similar with LDAP, by using pam_ldap for > authentication and NIS for the rest of the user info lookup.
That seems like a backwards use of LDAP to me - If I was going to use LDAP, I'd rather use Kerberos for authentication and LDAP to provide the user info lookup :-) (This is essentially what active directory is, and combined with Kerberos cross-realm authentication can make for some pretty neat single sign on solutions) -T -- Love is the highest achievement to which any human may aspire. It is an emotion that encompasses the full depth of heart, mind, and soul. - Zensunni Wisdom from the Wandering _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"