[plug] User authentication

[Justin]

On Thu, 12 Dec 2002 01:14 pm, Chris Caston wrote:
> The option we are looking at right now is using out contact management
> SQL database to backend an openLDAP implemented and have some kinda
> authentication mechanism working off that,
<just for interest (or not)>
My $0.02
We are basically a Novell house - so we have a fair bit of time invested in 
edir and NDS, and Zenworks is great for giving the right people the right 
icons (and now runs with out Netware). But seen as the Netware Client drops 
your machines performance by 30 - 40 % (from what i can see) just by being on 
the machine - i have been investigating other ways of doing things.

One thing i checked out was to have Linux machines log into NDS using 
libpam-ldap and libpam-nss.. got that working fine - not a bad authentication 
method!
I have been thinking of having a samba domain, and authenticate all our legacy 
(windows) machines into that - with the database still in NDS. Not so easy to 
setup. Easiest option was to use libpam-radius to authenticate against our 
radius server. Worked a treat, except samba will not do encrypted passwords 
with PAM!

Next option was to use Samba and LDAP, against the NDS - finally got that 
working after a fair amount of pain. But i still need to manually enter 
ntpasswd and lmpasswd into NDS - as the smbpasswd -a option doesn't work with 
my current NDS schema (though it did work with openldap). I could probably 
work out a solution using dirxml, or fixup my schema better - but time has 
run out.

So i will be using a legacy (winNT) domain controller, with NDS for NT (now 
called Account Management for Windows) - until i come up with a better 
solution.
</just for interest (or not)>

But back to the original question. I would suggest going for an openldap 
directory - and maybe using http://pgina.cs.plu.edu/plugins/ for the Win2k 
machines, or as suggested use Samba, with LDAP to provide smb domain login.

Sorry for the rambling, i feel better now ;)

Justin