LDAP user account without local account - BSD

This is a discussion on LDAP user account without local account - BSD ; After reading the article titled "Authentication of user accounts on OpenBSD using LDAP via RADIUS" it appears that in order to authenticate a user via LDAP you must first add the user to the local user list with a blank ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: LDAP user account without local account

  1. LDAP user account without local account

    After reading the article titled "Authentication of user accounts on
    OpenBSD using LDAP via RADIUS" it appears that in order to authenticate
    a user via LDAP you must first add the user to the local user list with
    a blank password field which then forces the user to authenticate via
    LDAP assuming authentication is configured properly. Is this correct?
    My ultimate goal is to be able to authenticate users via Kerberos when
    their user records reside in LDAP and not on the local OpenBSD machine.

    Is this even possible?

    Thanks in advance,
    Wil Harper


  2. Re: LDAP user account without local account

    On Wed, 30 Nov 2005 16:08:50 -0800, Wil Harper wrote:

    > After reading the article titled "Authentication of user accounts on
    > OpenBSD using LDAP via RADIUS" it appears that in order to authenticate
    > a user via LDAP you must first add the user to the local user list with
    > a blank password field which then forces the user to authenticate via
    > LDAP assuming authentication is configured properly. Is this correct?



    If you had read the FAQ on the OpenBSD web site, you would know. These are
    the basics.


    > My ultimate goal is to be able to authenticate users via Kerberos when
    > their user records reside in LDAP and not on the local OpenBSD machine.
    >
    > Is this even possible?



    Yes it is, but do some research next time and think twice before asking in
    this newsgroup, I know where you live and I know where your children
    study. You've been warned.


    > Thanks in advance,


    You're being sarcactic. I don't like that.


    --
    Theo de Raadt.
    http://www.openbsd.org/

+ Reply to Thread