There are a few other programs that might be useful, particularly if you have many users and do not want to configure everything manually.
security/pam_mkhomedir is a PAM module that always succeeds; its purpose is to create home directories for users which do not have them. If you have dozens of client servers and hundreds of users, it is much easier to use this and set up skeleton directories than to prepare every home directory.
sysutils/cpu is a pw(8)-like utility
that can be used to manage users in the LDAP directory. You can
call it directly, or wrap scripts around it. It can handle both
TLS (with the -x
flag) and SSL
(directly).
sysutils/ldapvi is a great utility for
editing LDAP values in an LDIF-like syntax. The directory (or
subsection of the directory) is presented in the editor chosen
by the EDITOR
environment variable. This makes
it easy to enable large-scale changes in the directory without
having to write a custom tool.
security/openssh-portable has the ability to contact an LDAP server to verify SSH keys. This is extremely nice if you have many servers and do not want to copy your public keys across all of them.
All FreeBSD documents are available for download at https://download.freebsd.org/ftp/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.