Tom Ryan wrote:
Also, is there a reason this (the pam_passthru) module is not distributed in the rpm?It hasn't been fully tested yet, although it has been in production in Red Hat for a few months now - it's how we do the same thing - simple username/password auth against Kerberos.
Tom
On 7/25/06 4:32 PM, "Tom Ryan" <[EMAIL PROTECTED]> wrote:
On 7/25/06 4:22 PM, "Richard Megginson" <[EMAIL PROTECTED]> wrote:
> I.e. Allow me to authenticate a user (irregardless of whether
they
> have an account on the local system) by using the supplied
simple bind
> credentials and attempting a kerberos validation of them.
Yes, because with the plugin, fedora ds simply passes the
credentials
through to PAM, which can be configured to do kerberos auth
(local or
remote). So, instead of using saslauthd (as in openldap) you
just use
PAM to do the same thing.
I’m curious how the pam framework allows for a kerberos
principal/realm and password to be checked...
I.e. Lets say, in openldap, I have [EMAIL PROTECTED],
under openldap, this works as expected.
You’re saying that I can use the pam pass through module and then put
rhuid: [EMAIL PROTECTED]
And then in /etc/pam.d/ldapserver (or whatever I compile it as the
name to be), configure it in such a way that
Pam will return success..
Maybe pam_krb5.so?
Ahh.. Maybe no_user_check...
Now I see what you might be referring to..
Thanks!
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-directory-users
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-directory-users
