Tarjei Huse <[EMAIL PROTECTED]> said: 

You could use PAM LDAP with our midgard shell backend to openldap... 

regards

alan

> Maybe this is something to think of for 2.0:
> Drop pam. Use ldap. Then define a sitegroup attribute to use in midgard. If
> there is no sitegroup attrib. then no access.
> 
> LDAP is far more fun :-)
> Tarjei
> 
> > -----Original Message-----
> > From: Emiliano [mailto:[EMAIL PROTECTED]]
> > Sent: 23. mai 2001 21:28
> > To: [EMAIL PROTECTED]
> > Subject: Re: [midgard-user] Migrating NT user accounts to Linux redhat 7.0
> >
> >
> > Henri Bergius wrote:
> >
> > > On Wed, 23 May 2001, Emiliano wrote:
> > >
> > >> It's not impossible, all we'd need is to have mod_midgard be
> > >> pam-enabled. The problems with this are twofold: one, managing users
> > >> within midgard would become very hard (since we can't simply get them
> > >> from the database as we do now), and two, I don't think PAM handles
> > >> domains (what we'd call sitegroups).
> > >
> > >
> > > We should be able to map person accounts in Midgard to
> > > PAM users by the username.
> >
> > That's fragile, though. A change in username (granted, that's not too
> > common) would not propagate, and you'd have to create a new Midgard user
> > account whenever a new NT account is created.
> >
> > > However, as you said, handling
> > > sitegroups would be difficult. I think the only solution
> > > here would be to allow only one sitegroup (SG0?) on the server
> > > to be PAM-authenticated, or disable overlapping usernames
> > > between SGs, which would cause problems with the SG concept.
> >
> > Yes.
> >
> > > Another solution would be to just dump periodically the
> > > whole PAM user account set into Midgard's person table.
> >
> > That's better than manually synchronizing them, but it still doesn't
> > touch the domains (sitegroups and multidb) issue, and you can't get
> > passwords from PAM, only verify.
> >
> > Emile
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]



-- 
Technical Director
Linux Center (HK) Ltd.
www.hklc.com


