Coda File System

Re: coda / ldap

From: mkondrin <mkondrin_at_hppi.troitsk.ru>
Date: Wed, 11 May 2005 16:22:19 +0400
Ivan Popov wrote:

>On Mon, May 09, 2005 at 10:08:08AM +0200, Yahya AZZOUZ wrote:
>
>>We use NFS and LDAP for authentication via pam modules.
>>We want to use CODA with LDAP but we are wondering if CODA supports LDAP.
>>Are there some docs?
>
>Hi Yahya,
>
>how do you use LDAP for authentication?
>
>LDAP is not an authentication service, rather a directory one.
>Coda does not use it.
>
>Regards,
>--
>Ivan
>
Hi, Ivan!
In some Linux distributions there is a possibility (if some 
manipulations with /etc/nsswitch.conf are done) to use LDAP through 
NSSwitch to check passwords against an LDAP database (libnss_ldap.so 
provides this functionality). Although (I do agree) this is not the best 
way to do authentication (passwords may be spoofed unless proper SSL-ing 
is applied), in a local network environment, if the LDAP database is 
already populated with users' accounts, this is quite a common solution.
With Coda this solution is not applicable. Coda knows nothing about 
nsswitch (or about the /etc/passwd file), and uses separate 
authentication (clog and friends) and authorization (cfs setacl/listacl) 
data. It looks to me like dividing the authentication and authorization 
processes is mainstream, and it is good to keep authentication data in 
a Kerberos database (as most client applications recognize the Kerberos 
service) and authorization data in per-service databases.
Received on 2005-05-11 08:35:19