, David <abs@mono.org>
From: Henry B. Hotz <hotz@jpl.nasa.gov>
List: port-macppc
Date: 06/17/2003 11:03:17
At 1:28 PM -0400 6/17/03, Aron Roberts wrote:
>actually as I recall Mac OS X doesn't use /etc/passwd (or shadow)
>for authentication. It uses netinfo which in it's current form
>looks very LDAPish to me though I can't say I have actually looked
>into it.
>
>
>On Tuesday, June 17, 2003, at 01:04 PM, David wrote:
>
>> Is anything authenticating users logging into a MacOS-X box
>> against a NetBSD server, via NIS, Samba, or some other method?
>>
>> Actually I suppose I could rsync the password files across, but it
>> somehow seems inelegant :)
Not *so* bad, but you would need to configure netinfo to use the
actual password file instead of it's internal database. man netinfo,
lookupd, nidump.
NIS is supported. Look at the Directory Access utility.
The currently preferred method is to use LDAP. Again look at the
Directory Access utility.
Kerberos, unfortunately, is not currently supported. It was
announced for Jaguar. According to last year's WWDC you should be
able to set the AuthenticationAuthority attribute to
"1.0;Kerberos;<realm>" in the LDAPv3 plugin, but it doesn't work for
me. (It's also not in the published LDAPv3 plugin source code.)
There is enough mention of Kerberos in the program for this year's
WWDC that I am hoping to see a solution for Panther.
Now that I glance at the Directory Access utility I see that "BSD
configuration files" is an option so maybe you don't need to dig
through those netinfo man pages to use the rsync solution after all.
If you do this then note that the security services PAM module will
implement the Directory Access settings. Don't go monkeying with PAM
independently if you don't need to. Also if you tell the screen
saver to require the login password then it will.
Note, when I mentioned Kerberos, that I did *not* tell you to look at
an Apple tech note that tells you how to modify /etc/authorization to
make loginWindow use Kerberos. That will work for console login, but
it does not affect the screen saver or PAM.
Have fun!
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu