Re: Problem with LDAP

[Steve McIntyre]

On Mon, Apr 04, 2005 at 02:27:18PM -0600, Yves Dorfsman wrote:
>> Not that I'm aware of, no. LDAP authentication was the reason why I
>> first patched PAM support into my local copy...
>
>Just so that we are clear: I am not trying to authenticate cvs users with
>ldap directly. Solaris is using ldap to authenticate, and I want cvs to
>still trust UNIX (Solaris) as far as authentication goes. I haven't
>checked the cvs source yet, but I am assuming cvs doesn't look for the
>password in /etc/passwd, /etc/shadow etc... but rather use a library call
>to the OS - I expect that the OS compare the password with whichever
>source it gets it from (files, NIS, ldap etc...).

That depends; on some OSes getpwent() and friends don't work with
nsswitch but always use local files anyway. :-(

>When you say you went to 1.12 for PAM support, was that because you needed
>a more granular control over who can use CVS, or you were in the same
>situation I am right now (the OS using ldap for auth) ?

I moved the systems here over to LDAP, then found that the pserver
didn't authenticate. Adding PAM support seemed to be the quickest way
to fix that, and also added more flexibility. Even if we've never used
that flexibility... :-)

-- 
Steve McIntyre, Cambridge, UK.                                address@hidden
"I suspect most samba developers are already technically insane... Of
 course, since many of them are Australians, you can't tell." -- Linus Torvalds

signature.asc
Description: Digital signature