A. Khattri wrote:
> On Thu, 11 Aug 2005, kashani wrote:
>> And that isn't option #1 aka, "stuff everything in a db and do central
>> auth from there" how? See I'm even losing sleep just talking about
>> option #1. The rest of you have been warned. :)
>
> Well, firstly, there are NO local accounts for users. And second, PAM
> isn't involved in all of it. So yeah #3 is alive ;-)

That's it? That's the big explanation? Come on it's six of one and half
a dozen of the other. You can use PAM, NIS+, libnss, Radius, etc and you
can auth against a flat file, Mysql, Postgres, Oracle, LDAP, hell even
Active Directory if you want as well as twenty other things I'm sure.

To the original poster: you can go fully virtual by combining X auth
method with Y backend with no local accounts. I'd go this route if the
users that need local access to machine aren't likely to reside in a
single email domain. In my case users that need access to the box work
here so I made our domain local, gave ourselves local accounts, and our
customers get to be virtual. The pros here are that it's easy and you can
leave your sshd, ftpd, etc configs alone. Messing with a virtual mail
system is sometimes hard enough the first time around for a lot of
people and doing everything at once can be painful and most importantly
cause sleep loss.

Cons of course are that if you need to add local users from any other
domain at some point in the future you're likely to need to re-engineer
things a bit... or a lot. And also make the old local users start using
their email as the login instead of their old username which is always a
fun transition.
kashani