Single point logon

Dominic Mitchell dom at happygiraffe.net
Thu Aug 8 23:23:10 BST 2002


On Thu, Aug 08, 2002 at 12:16:56PM +0100, Ian Morrison wrote:
> hey,
> 
> (great meeting last night btw..)
> 
> I was wondering if anyone here has some kind of single point logon
> system working;  crazy phrase, but essentially some way of centrally
> managing access to any of the machines on a network.  As I understand it,
> NIS/YP offers this functionality, but I'd rather not run all that rpc
> cruft.
> 
> I've heard people do this in various ways; ssh keys propagated via LDAP
> or CFEngine are two that spring to mind, squid perhaps another..  Has
> anyone got anything like this working on FreeBSD?  In a heterogeneous
> environment (mac/pc/unix)?  Would be great to find out what people think
> in any event..

For the most part, I use rdist+ssh.  Works well enough for me.

However, for proper Single Sign On, you need a lot of infrastructure.
Double that if you want it to work on Windows, too.

FreeBSD makes the process even more awkward by not supporting
nsswitch.conf (4.x) or by not supporting it properly (5.x has it, but it
doesn't do dynamically loadable modules that I can see).  This makes
even simple things like nss_ldap (to go with pam_ldap) range from
painful to impossible.

In an ideal world, getting winbindd
<http://us1.samba.org/samba/docs/man/winbindd.8.html> working would
be very nice.

-Dom



