Subject: Re: integrating PAM
To: None <email@example.com,>
From: Bill Squier <firstname.lastname@example.org>
Date: 01/23/2003 23:38:38
On Thu, Jan 23, 2003 at 04:57:46PM -0500, Dan Melomedman wrote:
> Jason R Thorpe wrote:
> > See my last post about semantics :-)
> > LDAP is *not* an authentication mechanism. LDAP is a means of looking
> > up data -- in this case, user information. It's really more appropriate
> > to think of LDAP in the context of NSS, etc.:
> To clarify, LDAP directory is simply an electronic version of Rolodex.
> It can be used for either raw credential lookups, or password
> verification by binding with user credentials. Most frequently used
> format for storing user passwords is MD5 and SHA1 hashes in base64.
You are confused. You did not clarify LDAP, you obfuscated it by presenting
a particular use of a distributed directory service. LDAP has nothing to
do with users or authentication, but you can certainly use it to store
Bill Squier (email@example.com) http://www.netbsd.org
I know I don't deserve another chance, but this _is_ America,
and as an American, aren't I entitled to one? --Sideshow Bob.