Leon> On Jan 2, 2009, at 10:24 AM, John Stoffel wrote:
>> I just don't want to have to support LDAP on Solaris 8 if I can
>> avoid it, though I guess it could be ok. Esp if we can easily
>> tweak and restrict access in various ways.
>>
>> Should I look at the Padl.com stuff again? I looked at it a while
>> ago, but they wanted a lot of money at the time. Maybe it's
>> changed... goes and looks.
>>
>> Hmm... looks like I can/should use either the nss_ldap, or the
>> pam_ldap modules. Anyone have comments on using these on Solaris 8-10
>> systems? Any issues?

Leon> I used both on Solaris 8 several years ago (2001), and they
Leon> worked well as a YP replacement. I thought I had the
Leon> documentation on what I did, but can't find it now. I could
Leon> probably dig up some config files if you need them, though.

That would be helpful if you can send them on. In my site, I'll be
using LDAP to unify multiple domains, while still providing redundancy
and tolerance to network outages.

Leon> The one thing I couldn't get working on Solaris 8 for some
Leon> reason was TLS encryption for the LDAP sessions. I ended up
Leon> using IPSec between hosts, which was surprisingly easy using the
Leon> bundled Solaris 8 tools (which have since changed). I do have
Leon> details on that here:
Leon> http://www.occam.com/security/

Thanks for the pointer. I'm not going to worry as much about the TLS
stuff, since I'm still stuck with NIS and its known issues too, along
with NFSv3 as well. Heck, some users are still using telnet and ftp
for stuff. So no, we're not very secure internally. We do need to
work better towards that state though.

Thanks for the pointers, reading the docs shows me that I'll need
*both* pam_ldap and nss_ldap in my setup, which isn't too bad at all.

Thanks,
John
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
