Subject: Re: integrating PAM
To: None <,>
From: Bill Squier <>
List: current-users
Date: 01/23/2003 23:38:38
On Thu, Jan 23, 2003 at 04:57:46PM -0500, Dan Melomedman wrote:
> Jason R Thorpe wrote:
> > See my last post about semantics :-)
> > 
> > LDAP is *not* an authentication mechanism.  LDAP is a means of looking
> > up data -- in this case, user information.  It's really more appropriate
> > to think of LDAP in the context of NSS, etc.:
> > 
> To clarify, LDAP directory is simply an electronic version of Rolodex.
> It can be used for either raw credential lookups, or password
> verification by binding with user credentials. Most frequently used
> format for storing user passwords is MD5 and SHA1 hashes in base64.

You are confused.  You did not clarify LDAP, you obfuscated it by presenting
a particular use of a distributed directory service.  LDAP has nothing to
do with users or authentication, but you can certainly use it to store
such information.

Bill Squier (                

        I know I don't deserve another chance, but this _is_ America,
        and as an American, aren't I entitled to one?  --Sideshow Bob.