To help and learn LDAP.
To Help: create FDS 7.1 rpm,pkgadd and hp depot packages. To Lean: I heard it is possible to create a pure ldap authentication environment. ie any vaild user in a ldap server can login into a RH/Solaris box without adding an user entry in local /etc/passwd file. I was able to configure proftpd use ldap authentication, and wondering why not sshd or telnetd ? My last attempt ended with ldap guru saying it is on ldap server side(it need to support a RFCxxxx). The goal is to escape NIS authentication and go to a ldap unix environment.
T.J. Yang
Firstly - welcome!
T.J. Yang wrote:
To help and learn LDAP.
To Help: create FDS 7.1 rpm,pkgadd and hp depot packages.
Excellent. We definitely need better native package support.
To Lean: I heard it is possible to create a pure ldap authentication environment. ie any vaild user in a ldap server can login into a RH/Solaris box without adding an user entry in local /etc/passwd file. I was able to configure proftpd use ldap authentication, and wondering why not sshd or telnetd ?
If PAM supports it, it should work.
My last attempt ended with ldap guru saying it is on ldap server side(it need to support a RFCxxxx). The goal is to escape NIS authentication and go to a ldap unix environment.
Was it RFC 2307? This is the RFC that describes how LDAP can be used to replace NIS - the schema to support NIS clients.
T.J. Yang
-- Fedora-directory-devel mailing list Fedora-directory-devel@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-devel
From: Rich Megginson rmeggins@redhat.com Reply-To: "Fedora Directory server developer discussion." fedora-directory-devel@redhat.com To: "Fedora Directory server developer discussion." fedora-directory-devel@redhat.com Subject: Re: [Fedora-directory-devel] Why I am here ? Date: Tue, 23 Aug 2005 07:14:54 -0600
Firstly - welcome!
T.J. Yang wrote:
To help and learn LDAP.
To Help: create FDS 7.1 rpm,pkgadd and hp depot packages.
Excellent. We definitely need better native package support.
BUT ...
I have no bandwidth to write indvidual fds-7.1.spec package sources or package source for Solaris and HP-UX package management system.
What I can offer is to use the TWW HPMS system I know to create one software build source(in xml) to build fds binary and one package build source for all three unix platforms to generate native packages.
later
tj
To Lean: I heard it is possible to create a pure ldap authentication environment. ie any vaild user in a ldap server can login into a RH/Solaris box without adding an user entry in local /etc/passwd file. I was able to configure proftpd use ldap authentication, and wondering why not sshd or telnetd ?
If PAM supports it, it should work.
hmm, I remember I configured pam but in the end I need to insert an user name from ldap server into /etc/passwd so that telnet or ssh can work.
My last attempt ended with ldap guru saying it is on ldap server side(it need to support a RFCxxxx). The goal is to escape NIS authentication and go to a ldap unix environment.
Was it RFC 2307? This is the RFC that describes how LDAP can be used to replace NIS - the schema to support NIS clients.
Thanks. I will remember this number by heart now.
T.J. Yang
-- Fedora-directory-devel mailing list Fedora-directory-devel@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-devel
<< smime.p7s >>
-- Fedora-directory-devel mailing list Fedora-directory-devel@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-devel
T.J. Yang wrote:
I was able to configure proftpd use ldap authentication, and wondering why not sshd or telnetd ?
They both work, via pam_ldap.
My last attempt ended with ldap guru saying it is on ldap server side(it need to support a RFCxxxx).
Every LDAP server available today can work with pam_ldap. Pam_ldap supports the standard LDAP bind interface.
Here is a good page to start with:
http://www.yolinux.com/TUTORIALS/LDAP_Authentication.html
BR, -- mike
From: Mike Jackson mj@sci.fi Reply-To: "Fedora Directory server developer discussion." fedora-directory-devel@redhat.com To: "Fedora Directory server developer discussion." fedora-directory-devel@redhat.com Subject: Re: [Fedora-directory-devel] Why I am here ? Date: Fri, 26 Aug 2005 19:03:52 +0300
T.J. Yang wrote:
I was able to configure proftpd use ldap authentication, and wondering why not sshd or telnetd ?
They both work, via pam_ldap.
My last attempt ended with ldap guru saying it is on ldap server side(it need to support a RFCxxxx).
Every LDAP server available today can work with pam_ldap. Pam_ldap supports the standard LDAP bind interface.
Here is a good page to start with:
Thanks for the reply. I will have another test on RHEL AS3.0 to see if I can setup an RH linux box to accept telnet or ssh login via pam_ldap WITHOUT adding same uid into local /etc/passwd first.
tj
BR,
mike
-- Fedora-directory-devel mailing list Fedora-directory-devel@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-devel
389-devel@lists.fedoraproject.org
-
Mike Jackson -
Rich Megginson -
T.J. Yang