I'm fooling with LDAP authentication as well, but for a web-based login
project that looks simpler than what you are doing. I'm really just
starting to dabble with LDAP. You can add some form of access control
representing authorizations to an LDAP entry. I haven't tried that out
yet; I consider myself lucky to be able to do an authenticated bind on a
user under test conditions.
Bob Cochran

Jesse Keating wrote:
So, I'm trying to set up a system here at work that uses LDAP for
central user auth, for both posix (nss_ldap) users, and for samba
users. For even more fun, I plan on automounting the user's home dirs
(and possibly other shares). These automounts will be based on the
login name and the password supplied at login time. I've found a tool
named pam_mount, that is supposed to take the password given at login
time and re-apply it later for mounting volumes. The problem is that
the documentation is extremely sparse, and I've no clue whether or not
it works with nss_ldap.
Do any of you fine folks know of a way that I can have a user's home dir
mounted at login time, based upon their login name and the password
they provided at login time? I'm trying to get around the insecurities
of NFS and host-based spoofs, by requiring that extra login before you
get the file system. Please don't suggest NIS(+) or NFS, unless you
have a way of securing NFS so that it requires a password as well as a
correct host, but can be done at login time, using LDAP user/pass.
TIA!
--
Bob Cochran
Greenbelt, Maryland, USA
http://greenbeltcomputer.biz/