Diane Trout (alienghic) wrote,

smacks head repeatedly

So after discovering the NIS insecurity and wanting to keep UIDs and passwords synced between linux and mac-on-linux on my laptop I started playing with trying to get LDAP to do authentication.

I struggled, fought, watched slapd spew log information, enabled debugging in libnss-ldap, and then finally discovered why it didn't work for users.

The file /etc/libnss-ldap.conf needs to be world readable for apps being run by the user to figure out what ldap server they should talk to. I felt victorious and then removed my identity from the password file.

Which promptly failed. After putting my IDs back in the password file I worked for another day, finally discovering that when I'd reinstalled libnss-ldap it had changed the root bind name, which meant that all of the services running as root couldn't connect to the ldap server. Meaning no logins.
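Both failures above come down to two files that are easy to check before tearing into slapd logs: /etc/libnss-ldap.conf has to be readable by everyone (unprivileged processes resolve users through it), /etc/libnss-ldap.secret has to stay root-only, and the rootbinddn in the config has to be the DN the directory actually accepts. The script below is an added example, not code from the original post; it builds a constructed sample config in a temp directory (the dc=example,dc=org DNs and the password are made up) and runs the same checks you would point at the real files. It assumes GNU stat (Linux).

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for a libnss-ldap
# setup. The sample config below is constructed; the DNs are assumptions.
# Assumes GNU coreutils (stat -c), i.e. a Linux box.

# Print the value of key $2 from config $1 (first match, '#' comments skipped).
conf_value() {
    awk -v k="$2" '$1 !~ /^#/ && $1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# 0 if file $1 is readable by "other". Programs running as an ordinary user
# go through libnss-ldap too, so they must be able to read host/base from it.
world_readable() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( (mode % 10) & 4 )) -eq 4 ]
}

# 0 if file $1 has no group/other permission bits at all. The root bind
# password lives in libnss-ldap.secret and must never be world readable.
owner_only() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( mode % 100 )) -eq 0 ]
}

# 0 if the rootbinddn in config $1 equals the DN $2 that slapd is
# configured to accept. A package reinstall can silently rewrite this line.
rootbinddn_matches() {
    [ "$(conf_value "$1" rootbinddn)" = "$2" ]
}

# 0 if NSS really resolves user $1. Run this once as root and once as an
# unprivileged user; they fail for different reasons (needs a live setup).
nss_resolves_user() {
    getent passwd "$1" >/dev/null 2>&1
}

# --- constructed sample files (not a real deployment) --------------------
SAMPLE_DIR=$(mktemp -d)
SAMPLE_CONF="$SAMPLE_DIR/libnss-ldap.conf"
SAMPLE_SECRET="$SAMPLE_DIR/libnss-ldap.secret"
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample, same layout as Debian's /etc/libnss-ldap.conf
host 127.0.0.1
base dc=example,dc=org
# must match the rootdn slapd knows about (assumed value)
rootbinddn cn=manager,dc=example,dc=org
EOF
printf 'not-a-real-password\n' > "$SAMPLE_SECRET"
chmod 0644 "$SAMPLE_CONF"
chmod 0600 "$SAMPLE_SECRET"
EXPECTED_ROOTDN="cn=manager,dc=example,dc=org"   # assumed slapd rootdn

# Report on the sample; swap in /etc/libnss-ldap.conf and
# /etc/libnss-ldap.secret to check a real machine.
if world_readable "$SAMPLE_CONF"; then
    echo "conf: world readable (ok)"
else
    echo "conf: NOT world readable, lookups by ordinary users will fail"
fi
if owner_only "$SAMPLE_SECRET"; then
    echo "secret: root-only (ok)"
else
    echo "secret: readable by others, the root bind password is exposed"
fi
if rootbinddn_matches "$SAMPLE_CONF" "$EXPECTED_ROOTDN"; then
    echo "rootbinddn: matches slapd rootdn (ok)"
else
    echo "rootbinddn: '$(conf_value "$SAMPLE_CONF" rootbinddn)' differs from '$EXPECTED_ROOTDN'; root services cannot bind"
fi
```

If the conf check passes but `getent passwd someuser` still works only as root, the rootbinddn/secret pair is the usual suspect; if it fails as root as well, start with `host`/`base` and whether slapd is listening at all.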

But I resolved both problems--after several days of trying.

At least I learned quite a bit about ldap in the process.

As soon as I figure out how to create certificates I can try SSL enabled ldap which can replace NIS.

Though AFS looks to be an interesting replacement for NFS and would require setting up kerberos as well.

