[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: User account policies
> Would it not be easier to just use the built in LDAP authentication modules
> for freeRadius and Squid ? Anyway, how do I implement my requirements ?
I authenticate perhaps a dozen services using LDAP. Maybe 4 of those offer
their own LDAP authentication routines; most just implement PAM. I use PAM
and pam_ldap for all of them, because
1) Doing so allows me to learn 1 syntax and behavior instead of 5.
2) Using PAM allows me to insert other modules (e.g. pam_cracklib) which
provide additional functionality.
3) Writing code for authentication is more dicy than it seems at first
blanch. pam_ldap is well-maintained and written with security in mind.
Many off the LDAP modules for other services are thrown together and
rarely looked at. I trust pam_ldap more.