ldap authentication

From: sun@bagdon.com
Date: Wed Feb 05 2003 - 10:16:19 EST


We are looking into using ldap and/or active-directory (don't ask!) to
authenticate to local hosts. But we have one issue - we want to limit who
can log into local hosts. We don't want to use ldap to identify who can
log in - we want to use ldap to identify the passwords of those who we
already say can log in. Looking through some docs, it appears that the
process is you put the non-ldap users into /etc/passwd, then let ldap
deal with the ldap users. But that means EVERY ldap user can log into the
host.

The closest we've come so far is using the shell methodology that RSA uses
for SecurID. In that case, you put a shell into /etc/passwd (sdshell?),
the user puts in their local password, then sdshell goes to the Ace
server and authenticates. If good, then spawn another shell. If not, it
closes the socket.

We envision the same thing - have a shell called ldapshell, have the
localhost password be null, then have the shell accept the ldap password -
if good spawn another shell, if bad close the socket.

But - if anyone knows how to authenticate to ldap, while still having a
closed user-list, PLEASE feel free to speak up.

Thanks!!!

Steve B.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
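The "ldapshell" the post sketches, written out as an added example (this is not code from the original message, from the sunmanagers list, or from RSA's sdshell). It assumes a hypothetical allow-list file /etc/ldapshell.allow, a hypothetical base DN dc=example,dc=com and LDAPS host ldap.example.com, and /bin/sh as the shell to hand over to. The allow-list check runs before any directory traffic, so an LDAP account that is not on the local list is refused without the directory ever being asked. The simple bind is hand-encoded per RFC 4511 so both sides of the exchange are visible; a production version would use a maintained LDAP library.

```python
"""ldapshell: sketch of the login-shell wrapper proposed in the post (added example).
Assumed, not from the message: the allow-list path, base DN, LDAPS host and the real shell.
The bind is hand-encoded (RFC 4511 simple BindRequest) so the exchange is visible."""
import getpass
import os
import pwd
import socket
import ssl
import sys

ALLOW_FILE = "/etc/ldapshell.allow"   # hypothetical: one permitted username per line
BASE_DN = "dc=example,dc=com"         # hypothetical directory base
LDAP_HOST = "ldap.example.com"        # hypothetical LDAPS server
REAL_SHELL = "/bin/sh"                # shell handed over to after a successful bind

def load_allow_list(text):
    """Parse the allow-list: one username per line; '#' comments and blank lines ignored."""
    users = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()
        if name:
            users.add(name)
    return users

def _ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload

def bind_request(msg_id, dn, password):
    """LDAPv3 simple BindRequest (RFC 4511 s4.2) inside an LDAPMessage; msg_id below 128."""
    body = _tlv(0x02, bytes([3]))           # version INTEGER 3
    body += _tlv(0x04, dn.encode())         # name LDAPDN
    body += _tlv(0x80, password.encode())   # authentication: simple [0] OCTET STRING
    bind = _tlv(0x60, body)                 # [APPLICATION 0] BindRequest
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + bind)

def _read_tlv(buf, pos):
    """Decode one tag/length/value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def bind_result_code(resp):
    """resultCode of a BER-encoded LDAPMessage carrying a BindResponse (0 = success)."""
    tag, msg, _ = _read_tlv(resp, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = _read_tlv(msg, 0)
    tag, body, _ = _read_tlv(msg, pos)
    if tag != 0x61:                         # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    tag, code, _ = _read_tlv(body, 0)
    if tag != 0x0A:                         # resultCode ENUMERATED
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def ldap_simple_bind(host, port, dn, password, timeout=10):
    """Bind as dn over LDAPS; the server certificate is checked against the system CA store."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as conn:
            conn.sendall(bind_request(1, dn, password))
            resp = conn.recv(4096)
    return bind_result_code(resp) == 0

def authorize(username, password, allowed, bind):
    """Local allow-list first (no directory traffic for unknown users), then the bind.
    An empty password is refused locally: a DN plus empty password is an 'unauthenticated'
    bind (RFC 4513 s5.1.2) that some servers answer with success."""
    if username not in allowed:
        return "denied: not in local allow-list"
    if not password:
        return "denied: empty password"
    if not bind(f"uid={username},{BASE_DN}", password):
        return "denied: LDAP bind failed"
    return "ok"

def main():
    user = pwd.getpwuid(os.getuid()).pw_name
    with open(ALLOW_FILE) as fh:
        allowed = load_allow_list(fh.read())
    verdict = authorize(user, getpass.getpass("LDAP password: "), allowed,
                        lambda dn, pw: ldap_simple_bind(LDAP_HOST, 636, dn, pw))
    if verdict != "ok":
        print("Login incorrect", file=sys.stderr)   # one message for every failure: no username oracle
        sys.exit(1)
    os.execv(REAL_SHELL, [REAL_SHELL] + sys.argv[1:])   # pass '-c cmd' through, as sshd invokes shells

if __name__ == "__main__":
    main()
```

Installed as the user's login shell in /etc/passwd, this behaves the way the post describes sdshell: prompt, bind with the user's own DN and password, exec the real shell on success, exit otherwise. Two points worth keeping in mind with this design: a login path that never invokes the login shell (an sftp subsystem configured as internal-sftp, for instance) never runs the check, which is why the same closed list is usually enforced in the PAM stack (pam_listfile) or with sshd's AllowUsers as well; and the empty-password refusal is not optional, since an "unauthenticated" bind can look like a success to a naive client.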
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:25:46 EDT