On Mon, Sep 08, 2003 at 10:28:17PM -0500, Dan Nelson wrote:
> In the last episode (Sep 08), Tillman Hodgson said:
> > > > I'm a bit biased, however: I use NIS with Kerberos and think it's the
> > > > cats pajamas :-)
> > >
> > > This sounds exactly like what we are looking for. Can you point us
> > > to any docs explaining how you do this??
> > 
> > The rough instructions are fairly simple:
> > 
> > * Set up Kerberos and ensure you have a working realm
> > * Set up NIS, but set all the passwd fields to something that doesn't
> >   map to a real password (I like 'krb5', others like '*')
> You can do something similar with LDAP, by using pam_ldap for
> authentication and NIS for the rest of the user info lookup.

That seems like a backwards use of LDAP to me - If I was going to use
LDAP, I'd rather use Kerberos for authentication and LDAP to provide the
user info lookup :-)

(This is essentially what active directory is, and combined with
Kerberos cross-realm authentication can make for some pretty neat single
sign on solutions)


Love is the highest achievement to which any human may aspire.  It is an 
emotion that encompasses the full depth of heart, mind, and soul.
        - Zensunni Wisdom from the Wandering
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to