Hi, Thanks all of the advice. Now I know what LDAP does. :-) Basically, my ambition is to make a 802.1x EAP-MD5 authentication. And the users info required for authentication (i.e., username and passwd) can correspond to the accounts on my Linux server. Therefore, I won't need to key in all of the users info again but just obtained from Linux. (my original thought is to obtain from /etc/passwd and /etc/shadow) But I have no idea whether I can do it or how I can do it. Can I just convert the /etc/passwd and /etc/shadow into LDAP database? How? Or it is no way to do this?
Sarick ----- Original Message ----- From: "Artur Hecker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 05, 2002 8:56 AM Subject: Re: (2) Can LDAP be used to authenticate /etc/passwd ? > hi > > evren: all that is useless - EAP-MD5 will need clear-text passwords. > /etc/passwd or shadow or whatsoever only stores a hash of it. it is not > going to work anyway. > > a propos, sarick: the original question is a big strange mixture of > available incompatible techniques. you store your radius-related users > EITHER in the LDAP OR in the /etc/passwd OR somewhere else, and not just > somewhere. an LDAP database is NOT a text file which /etc/passwd > obviously is. and ming-bogglingly enough all this has nothing to do with > radius! and even more confusing: the EAP-MD5 is pretty much CHAP in its > centralized EAP form and CHAP needs clear-text passwords and exactly > those are actually hashed (=not clear-text) in the file you are talking > about. > > what the hell do you want to do? > > > ciao > artur > > > ps your question basically was: "can i buy a cadillac that knows how to > drive a chevy? and can all this fly to the moon?" > > > > > Evren Yurtesen wrote: > > > > or actually if you can keep the /etc/passwd /etc/shadow syncronised with > > LDAP that would also do the trick. Perhaps with a script you can convert > > /etc/passwd /etc/shadow into LDAP or only the changed accounts etc. or > > even syncronise the add/remove user functions both in LDAP and in system > > files. > > > > Evren > > > > On Wed, 4 Dec 2002, Simon White wrote: > > > > > 04-Dec-02 at 20:23, jmc_cs ([EMAIL PROTECTED]) wrote : > > > > > > > > > > > > Hi Simon, > > > > ----- Original Message ----- > > > > From: "Simon White" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Wednesday, December 04, 2002 7:23 PM > > > > Subject: Re: Can LDAP be used to authenticate /etc/passwd ? > > > > > > > > > > > > > 04-Dec-02 at 19:12, Sarick ([EMAIL PROTECTED]) wrote : > > > > > > Hi all, > > > > > > Can the LDAP be used to authenticate a user whose username and password > > > > is > > > > > > stored in /etc/passwd?? > > > > > > > > > > How is the LDAP server going to read the username in /etc/passwd? > > > > > > > > > > Passwords are not stored in /etc/passwd, just usernames. > > > > > Passwords are usually in /etc/shadow, YMMV > > > > yes. My question is, can I use LDAP to authenticate the users who having the > > > > accounts on Linux , with EAP-MD5 authentication? > > > > That is, to read the usernames from /etc/passwd and passwords from > > > > /etc/shadow. > > > > How? > > > > > > You can't. You can store the hashes that are in shadow in LDAP probably. > > > I think, however, that your approach is probably wrong. > > > > > > -- > > > |-Simon White, Internet Services Manager, Certified Check Point CCSA. > > > |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. > > > |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. > > > |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 > > > > > > - > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > -- > Artur Hecker > artur[at]hecker.info > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
