Re: LDAP/mail interaction
David J N Begley wrote:
> On Wed, 14 Jul 1999, Jeff Clowser wrote:
>
> > Second is that the side effect of this would be that users could also
> > log into the machine, ftp to it, etc - they could use whatever other
> > user based services are on that box, which could be bad.
>
> Argh.. hit send too quickly. You can "play games" to have the users "exist"
> (for services like email - Sendmail, etc.) on the Unix machine (ie., they
> still must have UIDs and such) without actually letting them login (so
> home directories may not exist, or something).
>
> For example - PAM-based systems can selectively use (or not) the remote
> directory service (LDAP) on an application-by-application basis; things like
> FTP and TELNET could be told to only use the local /etc/passwd files, whilst
> POP daemons would use /etc/passwd files and a remote LDAP service (thus,
> LDAP-only users could login to check mail, but couldn't FTP or TELNET into the
> machine).

True - I've read and researched a lot of this,
so haven't put it into practice, so some of my
concerns are out of ignorance and really won't
be a problem.

On a side note, my experience with Irix is from
back in the days of Irix 5.x. Just found that
with Irix 6.x, LDAP is built in as an /etc/passwd
replacement, which is very cool - 90% of the
problem is already solved.

Also want to thank all the people who responded
back - it's amazing how much great feedback this
list provides.

--
Jeff Clowser
mailto:jclowser@aerotek.com Hanover MD 21076 USA
Phone: (410)-579-4328 7312 Parkway Drive
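
Added example, not part of the original message or of any poster's setup: a small audit of the per-application PAM split described in the quoted text, reporting which services' auth stacks reach pam_ldap.so, including through an include. The service file names, their contents and the allowlist are constructed assumptions.

```python
import re

# Constructed sample of /etc/pam.d-style files (assumption, not from the thread).
SAMPLE_PAM_D = {
    "system-ldap": "auth sufficient pam_unix.so\n"
                   "auth required /lib/security/pam_ldap.so use_first_pass\n",
    "ftp": "auth required pam_unix.so\naccount required pam_unix.so\n",
    "telnet": "# local accounts only\nauth required pam_unix.so\n",
    "pop": "auth include system-ldap\naccount required pam_unix.so\n",
    "imap": "@include system-ldap\n",  # inherits LDAP without saying so directly
}
SERVICES = ["ftp", "telnet", "pop", "imap"]
ALLOWED_LDAP_SERVICES = {"pop"}  # assumption: only POP may accept LDAP-only users

# type, control (simple word or [bracketed] form), module path or include target
RULE = re.compile(r"\s*(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_modules(service, configs, seen=None):
    """Return module names in a service's auth stack, following includes."""
    seen = set() if seen is None else seen
    if service in seen or service not in configs:
        return []  # cycle guard, or file not present in this sample
    seen.add(service)
    modules = []
    for raw in configs[service].splitlines():
        line = raw.split("#", 1)[0]  # drop comments
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "@include":
            modules += auth_modules(fields[1], configs, seen)
            continue
        m = RULE.match(line)
        if not m or m.group(1).lstrip("-") != "auth":
            continue
        if m.group(2) in ("include", "substack"):
            modules += auth_modules(m.group(3), configs, seen)
        else:
            modules.append(m.group(3).rsplit("/", 1)[-1])
    return modules

def unexpected_ldap_services(configs, services, allowed):
    """Services whose auth stack reaches pam_ldap.so but are not allowlisted."""
    return [s for s in services
            if "pam_ldap.so" in auth_modules(s, configs) and s not in allowed]

if __name__ == "__main__":
    for svc in SERVICES:
        print(svc, auth_modules(svc, SAMPLE_PAM_D))
    print("unexpected:", unexpected_ldap_services(
        SAMPLE_PAM_D, SERVICES, ALLOWED_LDAP_SERVICES))
```

On the sample, ftp and telnet stay local-only, pop reaches LDAP as intended, and imap is reported because it inherits the LDAP stack through its include.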