Re: LDAP and Linux compatibility

From: Michael Collette (metrol.net_at_gmail.com)
Date: 03/20/05

    Date: Sun, 20 Mar 2005 13:37:43 -0800
    To: Lowell Gilbert <freebsd-security-local@be-well.ilk.org>
    
    

    On 20 Mar 2005 09:54:55 -0500, Lowell Gilbert
    <freebsd-security-local@be-well.ilk.org> wrote:
    > Michael Collette <metrol.net@gmail.com> writes:
    >
    > > Please excuse a wee bit of cross posting here. It seems that the
    > > questions list may not be the appropriate place for this as I've found
    > > a number of unanswered posts involving this topic.
    >
    > On the -ports list, somebody pointed out that the linux-base ports
    > include advice to edit /compat/linux/etc/yp.conf (I'm using NIS).
    > I haven't tried this yet, but it makes sense that it would be
    > necessary. For your case with LDAP, I suspect you would need to
    > configure nsswitch.conf, probably the same way as the FreeBSD version
    > in your real /etc directory.

    The problem is, NIS is a built-in feature of both FreeBSD and Linux.
    Configuring FreeBSD to utilize LDAP involves at least 4 additional
    ports. You need pam_ldap, nss_ldap, openldap-client, and openssl.
    The 4th of course being optional but highly desirable for security
    reasons.

    Without this additional software neither FreeBSD nor the compat/Linux
    install will do a lookup to an LDAP directory. It wouldn't know how,
    as you have to properly configure both pam_ldap and nss_ldap so they
    know how to query the directory.

    I would think that the most desirable behavior would be to have any
    Linux calls to getpwuid_r() answered by the FreeBSD libraries rather
    than a direct attempt to look at the passwd database. Well, assuming
    that's what is happening. It just seems redundant to have to
    configure authentication for the base system, then do it again for the
    Linux compatibility.

    Later on,

    -- 
    "When you come to a fork in the road....Take it"
    - Yogi Berra
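
The duplicated configuration discussed in this thread can drift, leaving Linux binaries resolving accounts differently from the base system. The following check is an added example, not code from the thread or from FreeBSD: it compares the account databases in the two nsswitch.conf files. The compat path /compat/linux/etc/nsswitch.conf and the source name "ldap" are assumptions based on the reply quoted above and on nss_ldap's usual source name.

```python
import re
from pathlib import Path

# Databases that decide whether getpwuid_r()-style lookups reach LDAP.
ACCOUNT_DBS = ("passwd", "group")

def parse_nsswitch(text):
    """Return {database: [source, ...]} from nsswitch.conf text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [NOTFOUND=return] criteria
        table[db.strip()] = rest.split()
    return table

def compare(host_text, compat_text, dbs=ACCOUNT_DBS):
    """List findings where the Linux compat tree diverges from the host."""
    host, compat = parse_nsswitch(host_text), parse_nsswitch(compat_text)
    findings = []
    for db in dbs:
        h, c = host.get(db, []), compat.get(db, [])
        if "ldap" in h and "ldap" not in c:
            findings.append(f"{db}: host uses ldap, compat tree does not ({c or 'unset'})")
        elif h != c:
            findings.append(f"{db}: source order differs: host={h} compat={c}")
    return findings

# Constructed sample contents, used when the real files are absent.
HOST_SAMPLE = """# constructed sample
passwd: files ldap
group: files ldap [NOTFOUND=return]
hosts: files dns
"""
COMPAT_SAMPLE = """passwd: files
group: ldap files
hosts: files dns
"""

if __name__ == "__main__":
    host_p = Path("/etc/nsswitch.conf")
    compat_p = Path("/compat/linux/etc/nsswitch.conf")  # assumed location
    if host_p.exists() and compat_p.exists():
        result = compare(host_p.read_text(), compat_p.read_text())
    else:
        result = compare(HOST_SAMPLE, COMPAT_SAMPLE)
    print("\n".join(result) or "account databases match")
```

Matching files are necessary but not sufficient: as the message says, each tree also needs its own nss_ldap and pam_ldap installed and configured.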