Leroy Tennison wrote:
I apologize for being so long in responding to this, I had asked the original question in February and a couple of replies indicated that they were unsure what I wanted. I believe that the following features are critical on the client side:Ability of the user to supply their context. I realize that this goes beyond pam_ldap. Specifically, it will require that both graphical and text logins:be able to accept a user name and contextpass it on to the 'authenticator' and deal with error conditions (bad context, etc.)
Basically, enhanced gdm and "login". What is the context?
By NDS I assume you mean Novell eDirectory? But in reality, you're talking about the whole client to server network stack in Netware and Windows. This isn't just a server side thing.Both NDS and AD have this ability.
The NDS implementation is better technically but surfaces the problem that users don't understand context. AD accommodates the legacy NetBIOS domain thinking which is a mistake in that it perpetuates flat rather than hierarchical thinking. Their "email address" thinking might be better.The second enhancement would be to provide a way to have password encryption without having to go to a full cryptographic implementation. The overhead is just a little too much.
SASL Digest MD5 or CRAM.
If this raises more questions than answers I would be glad to correspond with any one who is interested (and will do so in a little more timely manner).-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
