On Fri, 2006-04-14 at 02:17 -0700, Howard Chu wrote: > In particular, it doesn't support write operations so it can't be used > as an actual management tool. However, Symas (and probably others) have > built up full-function modules along these lines. The Symas module > supports not only /etc/passwd, /etc/group, and /etc/shadow, but also the > TCB databases (e.g. /etc/security) used by AIX, HPUX, and SCO > OpenServer, giving you fully LDAP-enabled management of native > Unix/Linux security. (The upside of this approach vs pam/nss is that > users can always login to a host, regardless of (loss of) access to a > central LDAP server. The downside is that updating someone's account > info can take a non-trivial amount of time as it replicates from the > central server to every managed host.) >
Yes, I guess the Symas type of approach is what I was thinking. Perhaps you need to excuse my ignorance, I was thinking the Cobalt GUI would serve as the only management tool where writes occur to the passwd file as it works now. Then a local LDAP server with passwd backend could serve those authentications to my other apps. What would I need to replicate? My objective is only to get those users to authenticate against Postfix, IMAP, etc. But being a demo purpose module, I feel the recommendation on this list is to migrate the users and be done with it? -- Robert
