WLAN gateway with authpf for a large network


I'm currently building a WLAN gateway that will be used for unencrypted internet
access for a network with about 700 users. The problem is that all users are
currently in LDAP and authentication is done with kerberos. This can't be
changed as the network needs to support windows and unix logons for all users
with the same passwords and shared home directories for both systems. The LDAP
server is actually a Win2K3 AD.

Now OpenBSD doesn't support nss, so nss_ldap can't be used to retrieve the user
information, but kerberos can be used for authentication. Does anyone have any
idea how SSH-logins to the WLAN gateway could be done? I thought about the
following options:

- Implement a program that dumps the LDAP database and synchronizes its users
  with /etc/passwd and /etc/group

- Patch OpenSSH so that if getpwnam doesn't return a uid and gid for the user,
  then return the uid and gid of a special user "wlan" and run authpf under
  that user if Kerberos authentication is successful.

I'm not sure that the latter approach works, but it would be very easy to
implement. Anyone else got any better ideas or implementations?
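One way to do the first option, as an added example that is not from the original post: a Python script that turns an LDIF dump of the AD into passwd and group lines whose login shell is authpf, with the password field set to `*` so the synced accounts can only get in through Kerberos and never with a local password. It assumes the AD carries RFC 2307 attributes (uidNumber, gidNumber) and that sAMAccountName is the login name; the sample LDIF, the uid range, the home directory and the group names are constructed placeholders.

```python
import re

# Constructed sample LDIF, standing in for `ldapsearch -LLL` output against the AD.
SAMPLE_LDIF = """\
dn: CN=alice,OU=Users,DC=example,DC=org
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000

dn: CN=bob,OU=Users,DC=example,DC=org
sAMAccountName: bob
uidNumber: 10002
gidNumber: 10000

dn: CN=Bad User,OU=Users,DC=example,DC=org
sAMAccountName: bad user
uidNumber: 0
gidNumber: 0
"""

AUTHPF_SHELL = "/usr/sbin/authpf"        # authpf as login shell, per authpf(8)
UID_MIN, UID_MAX = 10000, 59999          # range reserved for synced accounts (assumption)
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
SYNC_TAG = "ldap-sync"                   # gecos marker so a later run can replace these lines

def parse_ldif(text):
    """Yield one dict of attributes per blank-line-separated LDIF record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, _, val = line.partition(":")
            rec[key.strip()] = val.strip()
        yield rec

def to_passwd_lines(ldif_text):
    """Return (passwd_lines, group_lines, rejected_names). Entries with a bad
    name, a missing attribute or a uid outside the reserved range are dropped,
    so a directory record can never map onto root or a local system account."""
    passwd, gids, rejected = [], set(), []
    for rec in parse_ldif(ldif_text):
        name = rec.get("sAMAccountName", "")
        try:
            uid, gid = int(rec["uidNumber"]), int(rec["gidNumber"])
        except (KeyError, ValueError):
            rejected.append(name); continue
        if not NAME_RE.match(name) or not UID_MIN <= uid <= UID_MAX:
            rejected.append(name); continue
        passwd.append(f"{name}:*:{uid}:{gid}:{SYNC_TAG}:/var/empty:{AUTHPF_SHELL}")
        gids.add(gid)
    groups = [f"wlan{gid}:*:{gid}:" for gid in sorted(gids)]   # placeholder group names
    return passwd, groups, rejected
```

The output lines are meant to be merged into the real files with a tool like pwd_mkdb after the local system accounts have been preserved, not written over them directly.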


