Subject: Re: Centralized User and Password Management
To: Luke Mewburn <lukem@NetBSD.org>
From: Louis Guillaume <lguillaume@berklee.edu>
List: netbsd-users
Date: 11/24/2004 17:53:37
Luke Mewburn wrote:
> On Wed, Nov 24, 2004 at 09:48:50AM +0100, Pavel Cahyna wrote:
> | On Wed, 24 Nov 2004 05:44:10 +0000, Luke Mewburn wrote:
> |
> | > On Wed, Nov 24, 2004 at 12:18:43AM -0500, Chuck Swiger wrote:
> | > | Thomas T. Thai wrote:
> | > | >I'm curious what people are using to centralize authentication and
> | > | >user, password, and services management. What are your thoughts on
> | > | >each? I'm aware of these Open Source solutions:
> | > | >
> | > | >- NIS (YP) - insecure
> | > | >- Hesiod + Kerberos
> | > |
> | > | The next two candidates would be LDAP and maybe even Apple's NetInfo.
> | >
> | > Another possibility in the near future:
> | > Active Directory Services from a Microsoft Windows 200x Server
> | > It's implemented on top of LDAP + Kerberos 5. You can use kinit to get
> | > krb5 tickets from an ADS server in NetBSD.
> |
> | Please, is it already possible to have the nss_ldap module on NetBSD to
> | use any LDAP server as the user database?
>
> No; unless someone else has ported nss_ldap.so to NetBSD-current.
>
> Note that I recently changed the API between get{pw,gr}* and
> the NSS backends to make it easier to implement third party
> nss_foo modules like LDAP & Winbind.
>
> I intend to port PADL's nss_ldap.so to NetBSD and/or write one from
> scratch, sometime in the future.

Will this mean that "ldap" can be an option for a "source" in nsswitch.conf?

If that's the case, then (I suspect) in combination with the built-in
Heimdal KDC and OpenLDAP we could have a directory service that mimics
Apple's Open Directory or Microsoft's Active Directory.

Is it reasonable to think that we're close to having such a thing in NetBSD?

Louis