Stephen Shirley wrote:
> From my experience, ldap is horribly complex. I tried setting it up in
> a test environment about 6 months ago, and I eventually managed to
> kludge something together. Using mysql as a backend otoh is really
> straightforward, once you're familiar with sql.
I agree, I followed pretty much the same course of thought. It seems too
much like a chore to try and make ldap do the job when it seems so much
simpler in mysql.
> The problem with using pam-mysql for auth is that you're limited to
> allowing auth only from services that run as root. This was a big
> limitation for me, so I switched to using kerberos instead, and now I
> can do all auth (including website) against pam. This is a really big win.
I'd be interested to know more about the kerberos side, and how that
works. I've had a brief play around with libnss-mysql this evening, and
ssh access is fine. I envisage other applications (pop/imap, web etc)
using this, and so non-root access is an issue.
> One other issue is that there are no tools for manipulating nss-mysql
> (that I found, at least), so I wrote my own.
mysql? :)
> Just finished it yesterday as it happens ,-) It allows you to
> add/remove/list users and groups in nss-mysql. I'm planning to
> package/publish it fairly shortly. I have apache, courier-imap, ssh,
> postfix etc, all working nicely with this setup.
Cool. I look forward to seeing it.
Thanks for the feedback,
Ciaran.