On Wed, Mar 28, 2007 at 12:45:04PM -0400, Mike Erdely wrote: > What I've decided to do since I can't make this work ('cause I'm an > idiot) and pserver is insecure and sucks, I'm going to set local > passwords for users that require pserver that are different from their > LDAP password. That way, their LDAP password won't go in the clear. Just another thought I had 1/2 a second after hitting 'send'...
Maybe SSH tunneling and/or authpf is useful here? You could get fancy with a full VPN - IPsec is well-supported by OpenBSD, and can be made to work on other systems, and OpenVPN is easy to install - but forwarding 2401/tcp most likely suffices. Joachim