[TriLUG] LDAP Question
Michael Alan Dorman
mdorman at debian.org
Tue Aug 20 13:26:36 EDT 2002
Tanner Lovelace <lovelace at wayfarer.org> writes:
> Those help with getting the user data into ldap. Unfortunately,
> unless you store your passwords in ldap (not recommended) you end up
> having to reset everyone's passwords for whatever new system you use
> (kerberos in our case). Also, it doesn't help for generic user adds
> that happen later. :-/
Weeeeeell, you can use access controls to restrict access to the
userPassword attribute, and pretend that it's secure. :-)
Actually---and I'm embarassed to admit that I haven't done the
research to know where the magic's happening---when I drop something
in a userPassword attribute it gets encrypted automatically. Or maybe
it's Net::LDAP doing it. Must investigate.
> Clones of the command line interfaces would be fabulous. RPMs
> of all that (including Net::LDAP, which for some reason, I can't
> seem to find a Redhat RPM of) would be beyond expectation. :-)
Definitely beyond expectation, given my address. :-)
I'll see if I can't get something by the end of the week. I kind of
need these for other uses, so this is as good an excuse as any.
Has anyone ever actually seen a /etc/default/useradd file in the wild?
Anyone know the format? Ideally I'd be able to pull the same defaults
information as regular useradd, but nothing seems to document the
format the defaults are stored in...and I'm not sufficiently motivated
to go grovelling through source right at the moment...
Mike.
More information about the TriLUG
mailing list