Re: OpenDirectory: creating a LocalCachedUser?
- Subject: Re: OpenDirectory: creating a LocalCachedUser?
- From: Brian Bergstrand <email@hidden>
- Date: Mon, 22 May 2006 11:59:39 -0500
On May 20, 2006, at 7:54 PM, Michael Bartosh wrote:

> On May 17, 2006, at 6:15 PM, Brian Bergstrand wrote:
>
> > Hmmm, ok, guess I need to rephrase this question:
> >
> > I have a directory user with no corresponding local account. I
> > want to allow the directory user to login to the GUI (or ssh) and
> > create a local user representing the directory user with a local
> > home directory. As part of the login, the directory user's network
> > home should be mounted as a standard share so they can access
> > their network files.
> >
> > So, I have directory authentication working and I can mount a
> > network share easily, but it's the points in between that I don't
> > know how to complete. There's really no documentation/examples on
> > this procedure so I was hoping to get some help from the list.
>
> I'd create a local user and give the ApplePasswordServer Auth
> Authority if this directory we're talking about is a Mac OS X
> Server Open Directory domain. Make sure their NFSHomeDirectory (and
> HomeDirectory) attributes reflect the network home.. An automount
> record (stored in either the Network (LDAP) or local NetInfo
> domain) is also required most of the time (and setting up network
> homes that don't require a mount record is unsupported and requires
> a lot of understanding of how the closed-source login process
> works.. I've done it though).
>
> Or you might just use a cached user, without including the
> portable home directory.

That's what I'm attempting to do now. It will be a cached user with
NFSHomeDirectory pointing to a local directory. As part of the
authentication, the plugin will also mount the user's network home as
a standard share. At this point, I don't care about mobility or cache
sync support between the two. I just want to have the user login and
be able to read/write files to their network home through drag & drop
or Open/Save panels.

> There are a ton of options here. Anything that's not point and
> click requires a lot of work with both directories and the apps
> that interact with them. A local identity that's authenticated from
> a network directory system isn't necessarily rocket science ..
> you'll also need to modify /etc/authorization if you want
> loginwindow to do kerb correctly ..

No kerb - it's a custom auth protocol.

> A lot depends on the Directory System in question. Is it Open Dir
> server or something else? Like AD or some kind of home-grown LDAP
> infrastructure.

It's actually a custom directory protocol, specifically Netware's
NDAP to access NDS.

> -mb

Thanks for your help.
Darwin-dev mailing list (email@hidden)