Brian, I agree with you. This is what I always recommend to clients.
Tim. -----Original Message----- From: Brian Davidson [mailto:[EMAIL PROTECTED] Sent: 04 August 2003 16:47 To: [EMAIL PROTECTED] Subject: Re: which krb5 PAM module on Solaris 8? Why not use nsswitch for authorization? I'm assuming it's available on Solaris since Sun developed it (I don't have any Solaris boxes at the moment). Basically all password file lookups are redirected to LDAP via nss_ldap. It seems to me that authentication is best left to PAM, while authorization is better handled by a hook into the system calls that are used for authorization (i.e. what nsswitch does). Brian On Sunday, August 3, 2003, at 10:09 PM, Jason Prondak wrote: > > As for the ldap stuff. Why not the pam_ldap supplied by SUN? > > --jason > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
