#4, posted 20th May 2011 by ComputerErik

I thought I would loop back and update here in case anyone else in the future has questions on this. I eventually did try login_ldap (which is available as a package as well), and while it does work and is well documented in the man pages, it still has some limitations.

I was hoping for something which would allow the use of the LDAP directory to look up user accounts instead of the passwd file. This is not the case; you still need to make an entry for all users (again, the man page gives an example). It does, however, appear that it allows fairly specific filtering based on LDAP groups; however, given that an entry needs to be made on the local system, it seems somewhat moot.

Further, it seems that login_ldap goes further than just verifying a user; it will actually do the authentication as well. I have not tested very extensively, but I have a hunch that it might send clear text passwords if your LDAP server is not set up for SSL-only logins. Given this, it seems Kerberos is the better way to go for now.