Re: porting PAM

On Thu, 29 May 2003, Alejandro G. Belluscio wrote:

> Thursday, May 29, 2003, 2:19:10 PM, you wrote:

You could start by looking at login_ldap by Peter Werner (http://www.ifost.org.au/~peterw/). It's already it the ports tree: sysutils/login_ldap.

According to the CAVEATS section of its manpage login_ldap(8)   OpenBSD does not ship with an ldap server in the default install, however   OpenLDAP is available via packages(7).

  Until OpenBSD gets an nsswitch implementation or something similar, every   user in the LDAP server will need to have a valid passwd file entry. This   can be achieved by using the useradd(8) utility with similar arguments to   this: useradd -m -d /home/peterw -s /bin/sh -L ldap peterw

  As of version 3.3 login_ldap no longer installs setuid root. It is   believed that elevated priveledges are not neccessary in most cases, but   potentially this could cause a problem. Making the login_ldap binary   setuid root should be tried as part of site installation debugging if   things aren't working. If you find you do need the setuid bit set,   please let the authors know.

http://www.deadly.org/article.php3?sid=20030311135606 lists some of the problems of login_ldap
* OpenBSD lacks a nsswitch implementation. Luke Mewburn wrote a nsswitch implementation for NetBSD and this was ported to FreeBSD 5. * login_ldap requires OpenLDAP. Someone suggested using tinyldap instead (http://fefe.de/tinyldap/).

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

Cheers,

Dries

--
Dries Schellekens
email: gwyllion@ulyssis.org