There are a few other programs that might be useful, particularly if you have many users and do not want to configure everything manually.
security/pam_mkhomedir
is
a PAM module that always succeeds; its purpose is to create home
directories for users which do not have them. If you have dozens of
client servers and hundreds of users, it is much easier to use this
and set up skeleton directories than to prepare every home
directory.
sysutils/cpu
is a
pw(8)-like utility that can be used to manage users in the LDAP
directory. You can call it directly, or wrap scripts around it. It
can handle both TLS (with the -x
flag) and
SSL (directly).
sysutils/ldapvi
is a great
utility for editing LDAP values in an LDIF-like syntax. The
directory (or subsection of the directory) is presented in the
editor chosen by the EDITOR
environment variable.
This makes it easy to enable large-scale changes in the directory
without having to write a custom tool.
security/openssh-portable
has the ability to contact an LDAP server to verify
SSH keys. This is extremely nice if you
have many servers and do not want to copy your public keys across
all of them.
This, and other documents, can be downloaded from http://ftp.FreeBSD.org/pub/FreeBSD/doc/
For questions about FreeBSD, read the
documentation before
contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.