Subject: Re: Centralized User and Password Management
To: <>
From: Luke Mewburn <lukem@NetBSD.org>
List: netbsd-users
Date: 11/24/2004 16:44:10
--7oqf3GZ7P06zs6V6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Nov 24, 2004 at 12:18:43AM -0500, Chuck Swiger wrote:
  | Thomas T. Thai wrote:
  | >I'm curious what people are using to centralize authentication and use=
r,=20
  | >password, and services management. What are your thoughts on each? I'm=
=20
  | >aware of these Open Source solutions:
  | >
  | >- NIS (YP) - insecure
  | >- Hesiod + Kerberos
  |=20
  | The next two candidates would be LDAP and maybe even Apple's NetInfo.

Another possibility in the near future:
	Active Directory Services from a Microsoft Windows 200x Server
It's implemented on top of LDAP + Kerberos 5.
You can use kinit to get krb5 tickets from an ADS server in NetBSD.

Once NetBSD has PAM, it will be possible to port Samba's pam_winbind
module to NetBSD for authenticating users using their ADS account
details.   (We also need the nsswitch nss_winbind.so module, which
I have working privately and intend to feedback into the Samba3
mainline).

--7oqf3GZ7P06zs6V6
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)

iD8DBQFBpB+qpBhtmn8zJHIRAlKgAJ4n6rF27T7R3FuoWDoXiOAjBbfUHgCfWVcN
l2thh6dXNbfJVDDhytElQ08=
=69Y/
-----END PGP SIGNATURE-----

--7oqf3GZ7P06zs6V6--