Sarick wrote:
Hi, Thanks all of the advice. Now I know what LDAP does. :-) Basically, my ambition is to make a 802.1x EAP-MD5 authentication. And the users info required for authentication (i.e., username and passwd) can correspond to the accounts on my Linux server. Therefore, I won't need to key in all of the users info again but just obtained from Linux. (my original thought is to obtain from /etc/passwd and /etc/shadow) But I have no idea whether I can do it or how I can do it. Can I just convert the /etc/passwd and /etc/shadow into LDAP database? How? Or it is no way to do this?Sarick ----- Original Message ----- From: "Artur Hecker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 05, 2002 8:56 AM Subject: Re: (2) Can LDAP be used to authenticate /etc/passwd ?hi evren: all that is useless - EAP-MD5 will need clear-text passwords. /etc/passwd or shadow or whatsoever only stores a hash of it. it is not going to work anyway. a propos, sarick: the original question is a big strange mixture of available incompatible techniques. you store your radius-related users EITHER in the LDAP OR in the /etc/passwd OR somewhere else, and not just somewhere. an LDAP database is NOT a text file which /etc/passwd obviously is. and ming-bogglingly enough all this has nothing to do with radius! and even more confusing: the EAP-MD5 is pretty much CHAP in its centralized EAP form and CHAP needs clear-text passwords and exactly those are actually hashed (=not clear-text) in the file you are talking about. what the hell do you want to do? ciao artur ps your question basically was: "can i buy a cadillac that knows how to drive a chevy? and can all this fly to the moon?" Evren Yurtesen wrote:or actually if you can keep the /etc/passwd /etc/shadow syncronised with LDAP that would also do the trick. Perhaps with a script you can convert /etc/passwd /etc/shadow into LDAP or only the changed accounts etc. or even syncronise the add/remove user functions both in LDAP and in system files. Evren On Wed, 4 Dec 2002, Simon White wrote:04-Dec-02 at 20:23, jmc_cs ([EMAIL PROTECTED]) wrote :Hi Simon, ----- Original Message ----- From: "Simon White" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 04, 2002 7:23 PM Subject: Re: Can LDAP be used to authenticate /etc/passwd ?04-Dec-02 at 19:12, Sarick ([EMAIL PROTECTED]) wrote :Hi all, Can the LDAP be used to authenticate a user whose username andpasswordisstored in /etc/passwd??How is the LDAP server going to read the username in /etc/passwd? Passwords are not stored in /etc/passwd, just usernames. Passwords are usually in /etc/shadow, YMMVyes. My question is, can I use LDAP to authenticate the users whohaving theaccounts on Linux , with EAP-MD5 authentication? That is, to read the usernames from /etc/passwd and passwords from /etc/shadow. How?You can't. You can store the hashes that are in shadow in LDAPprobably.I think, however, that your approach is probably wrong. -- |-Simon White, Internet Services Manager, Certified Check Point CCSA. |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 - List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html-- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Artur Hecker Groupe Acc�s et Mobilit�
hecker[at]enst[dot]fr D�partement Informatique et R�seaux
+33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr ENST Paris
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
