Dear list users,

I am building my server (saslauthd, openldap, qmail) in order to get those services integrated. I am using openldap not only for qmail but also to let users log in to my Unix server. My idea is to get a single source of login/password. So I implemented an SSO solution. Unix users open a Unix session and from it can log in to any other server without providing a login/password again.

Some applications do not support SSO (like ftpd) and ask for a login/password. When this happens, the password is fetched from the Kerberos base. While I cannot have a full SSO deployed, at least I can keep up with a single source of password; it is better than the traditional approach of one password for each system that a user wants to use.

From reading Life with qmail, section "4.5 Filling the Directory", the attribute userPassword is:

userPassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==

I would not like this approach, because the user specified by the entry already has a password in Kerberos. Is there a means by which I could tell it: "Hey, look up the password at xxxx.yyy.zzzz"? In other words, I want to avoid my users having to memorize more than one password.

Thanks in advance.