No, not using LDAP. (the actual Linux logons are isolated to
developers and admins)  Until recently our LDAP solution was a bit....
buggy.  We went with a company named Symas who sells a solution built
around OpenLDAP (essentially OpenLDAP with code optimizations and
off-the-shelf integration of Windows domain synchronization), and then
our coders snagged it and started adding their own hooks into the BDB
files when creating a GUI for helpdesk.
It's a complicated story, but basically I just kept an island unto
myself because of the flux of power-struggles. *shrugs*  I don't do
politics, and you know how that is.
We've since replaced Symas LDAP with Active Directory.  I've authed a
couple of machines against AD just to say "hey, yeah, it can be done,
look at xyz" but it's a convoluted process of kerberos and ldap
through pam.

I'm going to look into what Richard and TJ said.  Thanks guys, I
appreciate it.  Thanks for the URLs!


--Dan

On 12/16/05, Craig White <craigwhite@azapple.com> wrote:

> 160 machines? Not using LDAP?
>
> fedora directory server has a fairly mature password policy. OpenLDAP
> finally added password policy in latest but haven't used it.
>
> Craig
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss