password history ability with pam?
Craig White
craigwhite at azapple.com
Fri Dec 16 11:20:14 MST 2005
On Fri, 2005-12-16 at 10:52 -0700, Dan Lund wrote:
> No, not using LDAP. (the actual Linux logons are isolated to
> developers and admins) Until recently our LDAP solution was a bit....
> buggy. We went with a company named Symas who sells a solution built
> around OpenLDAP (essentially OpenLDAP with code optimizations and
> off-the-shelf integration of Windows domain synchronization), and then
> our coders snagged it and started adding their own hooks into the BDB
> files when creating a GUI for helpdesk.
> It's a complicated story, but basically I just kept an island unto
> myself because of the flux of power-struggles. *shrugs* I don't do
> politics, and you know how that is.
> We've since replaced Symas LDAP with Active Directory. I've authed a
> couple of machines against AD just to say "hey, yeah, it can be done,
> look at xyz" but it's a convoluted process of Kerberos and LDAP
> through PAM.
>
> I'm going to look into what Richard and TJ said. Thanks guys, I
> appreciate it. Thanks for the URLs!
>
----
For a bit of history/politics - Symas provides much of the development
code for OpenLDAP.
As for the convoluted process... somewhat - Samba 4 will probably ease
out some of the convolution, but that is down the road.
Craig