Ivan Popov wrote:

> On Mon, May 09, 2005 at 10:08:08AM +0200, Yahya AZZOUZ wrote:
>
>> We use NFS and LDAP for authentication via pam modules.
>> We want to use CODA with LDAP but we are wondering if CODA supports LDAP.
>> Are there some docs?
>
> Hi Yahya,
>
> how do you use LDAP for authentication?
>
> LDAP is not an authentication service, rather a directory one.
> Coda does not use it.
>
> Regards,
> --
> Ivan

Hi, Ivan!

In some Linux distributions there is a possibility (if some manipulations with /etc/nsswitch.conf are done) to use LDAP through NSSwitch to check passwords with the LDAP database (libnss_ldap.so provides this functionality). Although (I do agree) this is not the best way to do authentication (passwords may be spoofed unless proper SSL-ing is applied), in a local network environment, if the LDAP database is already populated with users' accounts, this is quite a common solution.

With Coda this solution is not applicable. Coda knows nothing about nsswitch (as well as about the /etc/passwd file), and uses separate authentication (clog and friends) and authorization (cfs setacl/listacl) data.

It looks to me like dividing the authentication and authorization processes is mainstream, and it is good to keep authentication data in a Kerberos database (as most client applications recognize the Kerberos service) and authorization data in per-service databases.

Received on 2005-05-11 08:35:19
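
The nsswitch/LDAP setup and the SSL caveat mentioned in the message above, as an added example that is not part of the original post: a small audit that reports when the passwd or shadow databases are served from LDAP without encrypted, verified transport. It assumes the ldap.conf keys of PADL nss_ldap (uri, ssl, tls_checkpeer); the file contents are constructed samples, and treating a missing tls_checkpeer as a finding is this example's own policy choice.

```python
import re

def parse_nsswitch(text):
    """Return {database: [sources]} from nsswitch.conf text."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, sources = line.split(":", 1)
        # Drop action items such as [NOTFOUND=return]; keep source names only.
        dbs[name.strip()] = re.sub(r"\[[^\]]*\]", " ", sources).split()
    return dbs

def parse_ldap_conf(text):
    """Return {key: value} from an nss_ldap-style ldap.conf (keys lowercased)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(nsswitch_text, ldap_conf_text):
    """Return finding codes for LDAP-backed account lookups."""
    dbs = parse_nsswitch(nsswitch_text)
    if not any("ldap" in dbs.get(db, []) for db in ("passwd", "shadow")):
        return []                      # LDAP is not consulted for accounts
    conf = parse_ldap_conf(ldap_conf_text)
    uris = conf.get("uri", "").split()
    ssl = conf.get("ssl", "off").lower()
    encrypted = ssl in ("start_tls", "on") or (
        bool(uris) and all(u.startswith("ldaps://") for u in uris))
    if not encrypted:
        return ["cleartext"]           # account data crosses the LAN unencrypted
    if conf.get("tls_checkpeer", "").lower() != "yes":
        return ["unverified-peer"]     # TLS without checking the server certificate
    return []

# Constructed sample inputs (not taken from any real host).
NSSWITCH = "passwd: files ldap\nshadow: files ldap\ngroup: files\nhosts: files dns\n"
WEAK = "uri ldap://ldap.example.org/\nbase dc=example,dc=org\n"
HARDENED = WEAK + "ssl start_tls\ntls_checkpeer yes\ntls_cacertfile /etc/ssl/ca.pem\n"

if __name__ == "__main__":
    print("weak:", audit(NSSWITCH, WEAK))
    print("hardened:", audit(NSSWITCH, HARDENED))
```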