Subject: Re: Authenticating NetBSD Clients to W2k servers
To: None <netbsd-users@netbsd.org>
From: Michael Neumann <neumann@s-direktnet.de>
List: netbsd-users
Date: 01/24/2002 20:18:39
Christoph Kaegi wrote:
> Dear fellow NetBSDers
> 
> Is it possible to log in to a NetBSD Workstation and have it:
> 
> - authenticate me through Kerberos

try klogin

> - get userdata (uid,gid,home,shell, etc.) via ldap
> 
> without having a local account?

I tried your second point with Linux (Suse 7.1 :() and PAM (pam_ldap).
The authentication works perfectly, but login aborts with a memory
exception error (I don't know the exact reason).
I guess the problem is that some shells and other programs read 
/etc/passwd to extract the username and group from the given uid/gid.

Maybe it would work if you get the user information via NSS which in
turn gets the information via LDAP (nss_ldap), but I've not tried it yet.

Another (simple) solution is to synchronize /etc/passwd across several servers 
using rsync.

> I've been reading a lot of information the last two weeks but didn't
> get a clear picture of how all those standards and technologies like
> nss_ldap, GSSAPI, TLS, SASL or even PAM would play together.
> 
> I also couldn't find definitive information, about how or if
> NetBSD supports pam/pam_ldap. 

There is a PAM and pam-ldap package in pkgsrc/security.
But as I have had only negative experiences with PAM so far, I'll not try it on
NetBSD :)

> Is there anyone who knows and can enlighten me?

I am interested in a solution, too.

> Thanks very much in advance

Regards,

  Michael

-- 
Michael Neumann
merlin.zwo InfoDesign GmbH
http://www.merlin-zwo.de
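
The situation guessed at in the reply above, a process running under a uid that the passwd lookup cannot map back to an account, as an added example that is not part of the original message. PAM modules such as pam_ldap only authenticate; uid-to-name lookups go through getpwuid(), which consults the NSS sources, and a program that dereferences its NULL result crashes. The helper name uid_to_name and the sample uid are assumptions made for this sketch.

```c
/* Added example: constructed for illustration, not code from the thread. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Map a uid to a login name through the C library's passwd lookup, which
 * follows the "passwd" sources in /etc/nsswitch.conf (files, ldap, ...).
 * Returns 0 when an entry exists, 1 when no configured source yields one.
 * `out` always receives a printable, NUL-terminated string.
 * uid_to_name is a hypothetical helper name chosen for this example.
 */
int uid_to_name(uid_t uid, char *out, size_t outlen)
{
    struct passwd pw;
    struct passwd *res = NULL;
    char buf[16384];

    /* On "not found" the call leaves res == NULL; it may or may not
     * also return an error code, so test the pointer, not the code. */
    (void)getpwuid_r(uid, &pw, buf, sizeof buf, &res);
    if (res == NULL) {
        /* Fall back to a numeric label instead of touching res->pw_name. */
        snprintf(out, outlen, "uid%lu", (unsigned long)uid);
        return 1;
    }
    snprintf(out, outlen, "%s", res->pw_name);
    return 0;
}

int main(void)
{
    char name[64];
    uid_t unmapped = (uid_t)2147483000UL; /* constructed: assumed absent */

    int rc = uid_to_name(getuid(), name, sizeof name);
    printf("current uid -> %s (%s)\n", name, rc ? "no passwd entry" : "resolved");
    rc = uid_to_name(unmapped, name, sizeof name);
    printf("uid %lu -> %s (%s)\n", (unsigned long)unmapped, name,
           rc ? "no passwd entry" : "resolved");
    return 0;
}
```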