This is just an idea. We plan to set up some LDAP directory as an address book. Maybe it's possible to make user authorisations via LDAP. I think I've heard about a "pam_ldap" module. For Linux this could work. Maybe there's some solution for Windows, too, maybe Samba or Win2K.
Can (Open-) LDAP be used as a YP replacement? When using MD5 hashes (shouldn't be a problem, I guess) it would be more secure than YP.
LDAP uses SASL, and SASL supports the following mechanisms: ANONYMOUS, CRAM-MD5, DIGEST-MD5, GSSAPI (MIT Kerberos 5 or Heimdal Kerberos 5), KERBEROS_V4, PLAIN. You can also tell SASL to use PAM.
Has anybody tried such things in practice? Is it stable or experimental stuff only? Is LDAP itself maybe a security problem?
All LDAP requests may be encrypted using SSL, so it shouldn't be a problem. Check out http://www.mi.infn.it/~lobiondo/ldapnis.pdf Further questions ('bout setup) should be posted to the OpenLDAP mailing list or PADL's mailing list (pam_ldap).
-- Ørnulf Nielsen