Leroy Tennison wrote:
I apologize for being so long in responding to this; I had asked the
original question in February and a couple of replies indicated that
they were unsure what I wanted. I believe that the following features
are critical on the client side:
Ability of the user to supply their context. I realize that this goes
beyond pam_ldap. Specifically, it will require that both graphical
and text logins:
  - be able to accept a user name and context
  - pass it on to the 'authenticator' and deal with error conditions
    (bad context, etc.)
Basically, enhanced gdm and "login". What is the
Both NDS and AD have this ability.
By NDS I assume you mean Novell eDirectory? But in reality, you're
talking about the whole client to server network stack in Netware and
Windows. This isn't just a server side thing.
The NDS implementation is better technically but surfaces the problem
that users don't understand context. AD accommodates the legacy
NetBIOS domain thinking which is a mistake in that it perpetuates flat
rather than hierarchical thinking. Their "email address" thinking
might be better.
The second enhancement would be to provide a way to have password
encryption without having to go to a full cryptographic
implementation. The overhead is just a little too much.
SASL Digest MD5 or CRAM.
If this raises more questions than answers I would be glad to
correspond with anyone who is interested (and will do so in a little
more timely manner).
Fedora-directory-devel mailing list