Can anyone help me authenticate to LDAP (eDirectory & Novell Client) in Linux

thehstrybean

Diamond Member
Oct 25, 2004
OK, we're using an LDAP+eDirectory server. Logins (in XP) happen with a mix of the Novell Client (to authenticate to LDAP) and ZENworks (to create the local profile). I want to authenticate to LDAP using the Novell Client for SLED 10 (so instead of the GDM login, I want the Novell login, so all a user has to do is use their LDAP login). Is there any way to do this? I tried all day and I got the Client and CASA to work, but not the integrated login.

So my question is this: can you log in via LDAP at the GDM in Linux (Ubuntu preferred)?
 

drag

Elite Member
Jul 4, 2002
Generally speaking you'd use PAM for local authentication on a machine, and NSS to tie in the naming service.

PAM is 'pluggable authentication modules'. It's a way that you can configure various programs that use some sort of authentication from a central location.

NSS is for naming services. This maps UIDs to usernames and GIDs to groups. You're going to have to take some effort and make sure that basic generic UIDs and GIDs match up between your Novell Linux and Ubuntu Linux; then you would use LDAP to do the rest of the mappings for the various users and your own groups.


There is the libpam-ldap package for tying PAM into an LDAP server, and then there is libnss-ldap that will do the name service stuff. Then you'll have to configure the various little LDAP configurations correctly in your /etc directory so that all the services know which LDAP server to use.

I don't know all that would be involved in tying Ubuntu into eDirectory; my only experience is dealing with OpenLDAP, and that is only from me playing around with it personally.

Once you get PAM and NSS setup correctly then local logins and GDM and anything else that uses PAM will 'just work'. (which is most everything)


side note:
Just be careful about any network services you want to configure to use LDAP. For example your FTP server typically uses PAM to authenticate against the local /etc/passwd file. If you configure PAM to use LDAP then your FTP server will automatically use that.

But it doesn't improve the bad FTP security... if you're accessing an FTP server you're sending your username and password over the network in plain text. Using PAM to tie it into an LDAP server does not change this. This isn't something that is horrible, but just keep this in mind...

When you use something like Kerberos you need to have Kerberos-aware applications (generally using GSSAPI). So if you want to have the network security benefits of using Kerberos with your FTP server you have to use a Kerberos-aware FTP server; configuring your FTP server to use PAM and then using PAM to tie into Kerberos isn't going to cut it.




Now like I said I don't have any experience with eDirectory, but I understand that it's more than just LDAP. Probably actually uses Kerberos in there. It's quite possible (and I figure likely) that Novell will have their own custom PAM modules that aren't going to be available via apt-get. Copying them over from the Novell clients should work. Beware of any licensing limitations; Novell does a per-seat arrangement, I don't know how all that works.

I figure if you go and look at the various PAM, NSS, and LDAP configuration files on your Novell Linux desktop then it will give you a good idea where to start with your Ubuntu clients. It should work, eventually.


Hope that helps.

http://en.wikipedia.org/wiki/P...Authentication_Modules
http://www.kernel.org/pub/linux/libs/pam/

http://en.wikipedia.org/wiki/Name_Service_Switch
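Added illustration (not part of drag's post or of any Novell documentation): roughly what the libnss-ldap / libpam-ldap wiring described above looked like on a Debian/Ubuntu box of that era, plus a small check for the UID/GID-matching point. The server name, base DN, OU names and CA certificate path are placeholders, and the two passwd listings are constructed sample data, not dumps from real hosts.

```sh
#!/bin/sh
# Added example, not from the thread. Host name, base DN, OUs and the CA
# file path are placeholders; adapt them to the real eDirectory tree.

# (a) Options read by libnss-ldap and libpam-ldap. Upstream uses one file,
#     /etc/ldap.conf; Debian/Ubuntu read the same syntax from
#     /etc/libnss-ldap.conf and /etc/pam_ldap.conf.
ldap_conf() {
    cat <<'EOF'
base dc=example,dc=com
uri ldap://ldap.example.com/
ldap_version 3
# Without TLS the user's bind password (and every NSS lookup) crosses the wire in clear.
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/edir-ca.pem
# Where nss_ldap searches for users and groups (base?scope)
nss_base_passwd ou=people,dc=example,dc=com?one
nss_base_group ou=groups,dc=example,dc=com?one
EOF
}

# (b) /etc/nsswitch.conf: "files" first so root and local accounts keep
#     working when the LDAP server is unreachable.
nsswitch_conf() {
    cat <<'EOF'
passwd: files ldap
group:  files ldap
shadow: files ldap
EOF
}

# (c) Debian-style common-* PAM stack. pam_mkhomedir does on Linux what
#     ZENworks does on XP: create the local home directory on first login.
pam_common() {
    cat <<'EOF'
# /etc/pam.d/common-auth
auth    sufficient  pam_ldap.so
auth    required    pam_unix.so nullok_secure use_first_pass
# /etc/pam.d/common-account
account sufficient  pam_ldap.so
account required    pam_unix.so
# /etc/pam.d/common-session
session required    pam_unix.so
session optional    pam_ldap.so
session required    pam_mkhomedir.so skel=/etc/skel umask=0077
EOF
}

# (d) The UID/GID point: the same local name must map to the same numbers on
#     every host, or file ownership and LDAP group membership stop meaning
#     the same thing. Compare two passwd-format listings and print the names
#     present in both whose uid:gid differ.
uid_mismatches() {
    printf '%s\n' "$1" | awk -F: -v other="$2" '
        BEGIN {
            n = split(other, lines, "\n")
            for (i = 1; i <= n; i++) {
                split(lines[i], f, ":")
                if (f[1] != "") { ouid[f[1]] = f[3]; ogid[f[1]] = f[4] }
            }
        }
        ($1 in ouid) && ($3 != ouid[$1] || $4 != ogid[$1]) {
            printf "%s %s:%s vs %s:%s\n", $1, $3, $4, ouid[$1], ogid[$1]
        }'
}

# Constructed sample listings (not taken from real hosts): the SLED side
# numbers "mail" and "games" differently from the Ubuntu side.
SLED_PASSWD='root:x:0:0:root:/root:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
games:x:12:100:Games account:/var/games:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/sh'
UBUNTU_PASSWD='root:x:0:0:root:/root:/bin/bash
mail:x:8:8:mail:/var/mail:/bin/sh
games:x:5:60:games:/usr/games:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh'

uid_mismatches "$SLED_PASSWD" "$UBUNTU_PASSWD"
```

Run it with the real `/etc/passwd` of both machines in place of the sample strings (`uid_mismatches "$(cat sled.passwd)" "$(cat ubuntu.passwd)"`) before pointing Ubuntu at the directory; every name it prints is a system account whose ownership will disagree between the two desktops. After the configuration is in place, `getent passwd someldapuser` is the quick test that NSS is talking to the server, independent of whether PAM login works yet.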
 

thehstrybean

Diamond Member
Oct 25, 2004
That helps a ton. I was pulling my hair out today because Novell said "All you have to do is install the client and enable CASA". Well, after doing that I got nowhere, and they gave me little/no help in configuring LDAP services... I'll try this tomorrow...