openldap authentication on DragonFly BSD

Predrag Punosevac punosevac72 at gmail.com
Tue Nov 26 20:14:28 PST 2013


Dan Cross <crossd at gmail.com> wrote:

> On Tue, Nov 26, 2013 at 7:59 PM, Justin Sherrill <justin at shiningsilence.com>
> wrote:
> >
> > On Sun, Nov 24, 2013 at 9:30 PM, Predrag Punosevac <punosevac72 at gmail.com>
> wrote:
> >>
> >> I was wondering if somebody could point me to documentation explaining
> >> how to configure DragonFly BSD to authenticate its users vis LDAP
> >> server. I will briefly describe LDAP requirement.
> >
> >
> > DragonFly compiles /bin and /sbin as static binaries, which is good if
> you are worried about a problem making /usr unavailable. However, nss/pam
> assume you have dynamic binaries and use that to load libraries, so that
> can't be used - yet.  There's been some discussion of it previously,
> including today on IRC #dragonfly, and some work there, but it isn't yet
> set up.
> >
> > I may have some of the details wrong - someone can correct me if so.  I
> could certainly use it.
>
> I can't comment on the correctness, but this is one thing I kind of thing
> OpenBSD gets right with their login_* framework: rather than link against
> something, just use a separate binary to do the authentication.  PAM always
> struck me as a solution looking for a wrong problem.
>
>         - Dan C.

An alternative approach would be System Security Services Daemon (SSSD)
from Red Hat. I have not compared to SSSD to OpenBSD's ypldapd much but
it was breeze to set up and works so far really well.

Predrag



More information about the Users mailing list