On Fri, Aug 15, 2008 at 08:36:04AM -0700, Christian McHugh wrote:
> On Thursday 14 August 2008 00:42:37 Anton Floor wrote:
> > has anyone tried to authenticate SGD users from Novell eDir?
>
> We were authenticating users with pam modules using the local unix auth for a
> while. We've since cut over to using SGD's built in AD auth, but it worked
> well. For eDir you'll need to configure ldap pam and nsswitch modules, then
> you should be all set.

Authentication over LDAP is similar to NIS though; it's a very poor choice security-wise, and it does not give you single-sign-on. The *only* upside is buzzword compatibility, and even for that it's not top of the line anymore (Web 2.0 authentication anyone? ;)

I'd suggest that you look seriously into restricting LDAP to do your authorization, and keeping authentication on Kerberos (which is the only game in town for secure network authentication with single-sign-on). Kerberos comes in several forms, one of them being AD (which combines Kerberos and LDAP in one branded package like several other vendors do).

In other words:

nss_ldap = good
pam_ldap = bad
pam_krb = good

-- 
/ jakob

_______________________________________________
SunRay-Users mailing list
http://www.filibeto.org/mailman/listinfo/sunray-users
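
The split recommended in the message above (LDAP for name-service lookups, Kerberos for authentication), as an added example that is not part of the original post: a Python check that reads PAM and nsswitch.conf text and reports when pam_ldap sits in the auth stack or no pam_krb* module does. The sample configuration is constructed, and the Solaris-style module file names (pam_krb5.so.1 standing in for the message's "pam_krb") are assumptions.

```python
import re

MODULE_RE = re.compile(r"(pam_[a-z0-9_]+)\.so")

# Constructed samples in pam.conf layout: service type control module
BEFORE_PAM = """\
# constructed sample, not from the original message
login auth requisite   pam_authtok_get.so.1
login auth sufficient  pam_ldap.so.1
login auth required    pam_unix_auth.so.1
login account required pam_unix_account.so.1
"""
AFTER_PAM = BEFORE_PAM.replace("pam_ldap.so.1", "pam_krb5.so.1")
NSS = "passwd: files ldap\ngroup:  files ldap\n"  # constructed nsswitch.conf

def config_lines(text):
    """Yield config lines with comments and blank lines removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def pam_modules(text, pam_type="auth"):
    """Module names stacked for one PAM type, in file order.
    The type is field 0 in pam.d files and field 1 in pam.conf."""
    found = []
    for line in config_lines(text):
        head = [f.lstrip("-") for f in line.split()[:2]]
        match = MODULE_RE.search(line)
        if pam_type in head and match:
            found.append(match.group(1))
    return found

def nss_sources(text, database):
    """Sources for one nsswitch database, skipping [STATUS=action] items."""
    for line in config_lines(text):
        if line.startswith(database + ":"):
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []

def audit(pam_text, nss_text):
    """Return findings where the config departs from the recommended split."""
    auth, findings = pam_modules(pam_text), []
    if "pam_ldap" in auth:
        findings.append("pam_ldap in auth stack")
    if not any(m.startswith("pam_krb") for m in auth):
        findings.append("no pam_krb* module in auth stack")
    if "ldap" not in nss_sources(nss_text, "passwd"):
        findings.append("passwd lookups do not use ldap")
    return findings

if __name__ == "__main__":
    print(audit(BEFORE_PAM, NSS), audit(AFTER_PAM, NSS))
```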
