On Mon, Sep 08, 2003 at 10:28:17PM -0500, Dan Nelson wrote:
> In the last episode (Sep 08), Tillman Hodgson said:
> > > > I'm a bit biased, however: I use NIS with Kerberos and think it's the
> > > > cats pajamas :-)
> > >
> > > This sounds exactly like what we are looking for. Can you point us
> > > to any docs explaining how you do this??
> > 
> > The rough instructions are fairly simple:
> > 
> > * Set up Kerberos and ensure you have a working realm
> > * Set up NIS, but set all the passwd fields to something that doesn't
> >   map to a real password (I like 'krb5', others like '*')
> 
> You can do something similar with LDAP, by using pam_ldap for
> authentication and NIS for the rest of the user info lookup.

That seems like a backwards use of LDAP to me - If I was going to use
LDAP, I'd rather use Kerberos for authentication and LDAP to provide the
user info lookup :-)

(This is essentially what active directory is, and combined with
Kerberos cross-realm authentication can make for some pretty neat single
sign on solutions)

-T


-- 
Love is the highest achievement to which any human may aspire.  It is an 
emotion that encompasses the full depth of heart, mind, and soul.
        - Zensunni Wisdom from the Wandering
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to