Subject: Re: Authenticating NetBSD Clients to W2k servers
To: None <email@example.com>
From: Michael Neumann <firstname.lastname@example.org>
Date: 01/24/2002 20:18:39
Christoph Kaegi wrote:
> Dear fellow NetBSDers
> Is it possible, to login to a NetBSD Workstation and have it:
> - authenticate me through Kerberos
> - get userdata (uid,gid,home,shell, etc.) via ldap
> without haveing a local account?
I tried your second point with Linux (Suse 7.1 :() and PAM (pam_ldap).
The authentification works perfect, but login aborts with a memory
exception error (I don't know exactly the reason).
I guess the problem is that some shells and other programs read
/etc/passwd to extract the username and group from the given uid/gid.
Maybe it would work if you get the user information via NSS which in
turn gets the informations via LDAP (nss_ldap), but I've not tried it yet.
Another (simple) solution is to synchronize /etc/passwd across several servers
> I've been reading alot of information the last two weeks but didn't
> get a clear picture of how all those standards and technologies like
> nss_ldap, GSSAPI, TLS, SASL or even PAM would play together.
> I also couldn't find definitive information, about how or if
> NetBSD supports pam/pam_ldap.
There is a PAM and pam-ldap package in pkgsrc/security.
But as I had only negative experiences yet with PAM, I'll not try it on
> Is there anyone who knows and can enlighten me?
I am interested in a solution, too.
> Thanks very much in advance
merlin.zwo InfoDesign GmbH