LDAP authenticating for Jails.

Wael Nasreddine mla at nasreddine.com
Tue Mar 18 04:22:07 UTC 2008


I just finished setting up my server, I installed FreeBSD 7-RELEASE
host + 7 jails, 2 of them are USERS and MAIL, the USERS is a jail
where users should login via SSH..

For my Mail system, I have both the virtual mail with authenticating
from MySQL, and home-mail with PAM authentication, all done via
courier-imap and authlib... the reason I have such setup is because I
use fetchmail/procmail ( for multiple user ) to download all my email
accounts and store them in my home folder, delivery would be via IMAP

Anyway, the users used to change their email password ( the home-mail
password) using usual passwd mechanism, but since the MAIL is
received/sent on another Jail, I have to come up with a way to
authenticate from a shared database ( or if it's possible to
synchronise password changes between jails which I doubt ), So I
thought of creating a new jail with only an LDAP server running, with
all users accounts, this way SSH can login to USERS jail and IMAP to
MAIL jail using the same password, but I have never done this before
so I might need some help...

First things first, If I deployed this mechanism, will the user be
able to change the password with a simple passwd command? Or should he
go through LDAP ( phpMyLDAP ?? )

Could you please point me in the direction of having such mechanism ?
I found this tutorial[1] but I'm not sure if it's outdated or not...

[1]: http://chaos.untouchable.net/index.php/HOWTO_setup_freebsd_6_ldap_authentication


Wael Nasreddine
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724  DE12 5565 3945 C8DD 18A2

.: An infinite number of monkeys typing into GNU emacs,
   would never make a good program. (L. Torvalds 1995) :.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080318/e084c0ff/attachment.pgp

More information about the freebsd-questions mailing list