On Dec 13, 2005, at 8:36 am, Jose Gonzalez Gomez wrote:

    Finally, we need to add users to both the Linux server and the
    Windows domain.  Here lies an obvious deficiency with this
    solution.  We have provided an enterprise-scalable authentication
    mechanism but not an enterprise-scalable account-management
    mechanism.

Is this really the case, please? I had just decided that PAM was the
way to go for me until I read this.

I've never done this, but theoretically you could authenticate against a PDC using Kerberos and then use that Kerberos ticket to connect to any machine in your network using SSH (SSH has built-in support for SSO using Kerberos). I've successfully configured SSO in this way, but authentication was done against an OpenLDAP/Heimdal server. But weren't we talking about IMAP servers?

We are - using PAM the authentication mechanism can be applied to any service, but of course the IMAP server needs somewhere to store users' mailboxes.

That's the problem I'm getting at the moment - the user authenticates OK (using Samba's winbind & PAM) but the IMAP server exits because it can't "chdir" into the user's home directory (which doesn't exist). I'm told I can use `pam_mkhomedir` to solve this, but I'm beginning to wonder if I've gone up the wrong path with winbind.

Winbind _is_ authenticating beautifully for me, and wasn't too hard to set up, so I'm curious how other authentication mechanisms (Mr Busleiman suggested several) handle this.

Stroller.


--
gentoo-user@gentoo.org mailing list