Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-22 Thread Les Mikesell

Craig White wrote:
>>> The point of authenticating against LDAP is rarely do you only want
>>> user/id authentication but you also want address books/user lists and
>>> other attributes that can be useful such as e-mail address.
>>
>> But those may or may not be the same ones you'd find in AD.
>
> any reasonable LDAP implementation allows you to define the DN (or DN's)
> to be used for various purposes

But the people managing AD may have no interest in supporting other
applications.

>>> In addition, jabber servers do have to store attributes about users so
>>> there's little to be served by marrying PAM functions in.
>>
>> I'd settle for not having yet another password.
>
> sure - makes sense - how many different jabber servers are you running?

A couple, currently used by small sets of people but it's likely to
expand (the people, not necessarily the servers).  I want to set up at
least one of them with OpenNMS spewing its notifications into a
multiuser chat room that the network operators can join.

>>> What you should have noticed here Les, is that Windows AD users are
>>> mostly clueless to how LDAP works and integrating Windows AD/LDAP into
>>> other software is a challenge for them.
>>
>> Which is why you'd want to set up PAM once, not
>> login/ssh/imap/pop/http/smtp/samba and all those other applications that
>> want a password.  Especially when you want to be able to add local
>> accounts in addition to using a network authentication mechanism.
>
> sure - makes sense - how many different jabber servers are you running?
>
> You are simply looking through a lens that says corporate users,
> corporate login accounts, etc. That's fine but I get the distinct
> impression that it is hardly the typical setup.

When someone mentions AD, I'd assume corporate users, existing logins,
existing passwords and password change policy - and probably some
MS-centric people managing it who may not want to help glue on some
open-source parts.

--
  Les Mikesell
[EMAIL PROTECTED]





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-22 Thread Craig White

On Tue, 2008-04-22 at 13:00 -0500, Les Mikesell wrote:
> Craig White wrote:
> > >
> >>> The way you've posed the question, it has nothing to do with CentOS, so I am
> >>> unsurprised you got crap for it on IRC.
> >> I thought one of the big deals in Centos was the ability to configure
> >> PAM to authenticate anywhere you want and all the apps use the same
> >> settings?  Isn't that true, or aren't there any jabber/IRC servers that
> >> are bundled properly into the distribution?
> >>
> >> This sounds very much like a distro-centric question to me, even if the
> >> answer turns out to be that Centos doesn't provide that.
> >
> > actually no.
> >
> > I am currently using ejabberd and it is not common to authenticate
> > 'real' users but certainly possible.
>
> Are you speaking for places that actually have all of their users in AD
> when you say it is not common to authenticate real users?

I'm talking about jabber implementations. I get the impression from the
couple I have set up that the authors don't consider authenticating
'system users' aka 'real users' as their primary usage

> 
> > The point of authenticating against LDAP is rarely do you only want
> > user/id authentication but you also want address books/user lists and
> > other attributes that can be useful such as e-mail address.
> 
> But those may or may not be the same ones you'd find in AD.

any reasonable LDAP implementation allows you to define the DN (or DN's)
to be used for various purposes

> 
> > In addition, jabber servers do have to store attributes about users so
> > there's little to be served by marrying PAM functions in.
> 
> I'd settle for not having yet another password.

sure - makes sense - how many different jabber servers are you running?

> 
> > What you should have noticed here Les, is that Windows AD users are
> > mostly clueless to how LDAP works and integrating Windows AD/LDAP into
> > other software is a challenge for them.
> 
> Which is why you'd want to set up PAM once, not 
> login/ssh/imap/pop/http/smtp/samba and all those other applications that 
> want a password.  Especially when you want to be able to add local 
> accounts in addition to using a network authentication mechanism.

sure - makes sense - how many different jabber servers are you running?

You are simply looking through a lens that says corporate users,
corporate login accounts, etc. That's fine but I get the distinct
impression that it is hardly the typical setup.

Craig



Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-22 Thread Les Mikesell

Craig White wrote:
>>> The way you've posed the question, it has nothing to do with CentOS, so I am
>>> unsurprised you got crap for it on IRC.
>>
>> I thought one of the big deals in Centos was the ability to configure
>> PAM to authenticate anywhere you want and all the apps use the same
>> settings?  Isn't that true, or aren't there any jabber/IRC servers that
>> are bundled properly into the distribution?
>>
>> This sounds very much like a distro-centric question to me, even if the
>> answer turns out to be that Centos doesn't provide that.
>
> actually no.
>
> I am currently using ejabberd and it is not common to authenticate
> 'real' users but certainly possible.

Are you speaking for places that actually have all of their users in AD
when you say it is not common to authenticate real users?

> The point of authenticating against LDAP is rarely do you only want
> user/id authentication but you also want address books/user lists and
> other attributes that can be useful such as e-mail address.

But those may or may not be the same ones you'd find in AD.

> In addition, jabber servers do have to store attributes about users so
> there's little to be served by marrying PAM functions in.

I'd settle for not having yet another password.

> What you should have noticed here Les, is that Windows AD users are
> mostly clueless to how LDAP works and integrating Windows AD/LDAP into
> other software is a challenge for them.

Which is why you'd want to set up PAM once, not
login/ssh/imap/pop/http/smtp/samba and all those other applications that
want a password.  Especially when you want to be able to add local
accounts in addition to using a network authentication mechanism.


--
  Les Mikesell
   [EMAIL PROTECTED]



Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-22 Thread Craig White

On Tue, 2008-04-22 at 12:36 -0400, Matt Shields wrote:
> On Tue, Apr 22, 2008 at 11:56 AM, Craig White <[EMAIL PROTECTED]> wrote:
> >
> >  On Mon, 2008-04-21 at 21:34 -0500, Les Mikesell wrote:
> >  > Matt Hyclak wrote:
> >  > > On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
> >  > >> Excuse my ignorance (I just got crap on the #centos IRC channel for this
> >  > >> question), but is there a (easy!) way to have an IRC and/or Jabber server
> >  > >> relay a login to a Microsoft Active Directory server for authentication?
> >  > >> If there's a better question to ask this question, please point me in that
> >  > >> direction, and I'll be happy to do so
> >  > >>
> >  > >
> >  > > Well, you probably want to ask in a support channel for your IRC and jabber
> >  > > server software, and/or some sort of Microsoft channel.
> >  > >
> >  > > The way you've posed the question, it has nothing to do with CentOS, so I am
> >  > > unsurprised you got crap for it on IRC.
> >  >
> >  > I thought one of the big deals in Centos was the ability to configure
> >  > PAM to authenticate anywhere you want and all the apps use the same
> >  > settings?  Isn't that true, or aren't there any jabber/IRC servers that
> >  > are bundled properly into the distribution?
> >  >
> >  > This sounds very much like a distro-centric question to me, even if the
> >  > answer turns out to be that Centos doesn't provide that.
> >  
> >  actually no.
> >
> >  I am currently using ejabberd and it is not common to authenticate
> >  'real' users but certainly possible. The methodology of authenticating
> >  'real' users would entirely depend upon the jabber server software which
> >  varies widely from perl to java to erlang.
> >
> >  The point of authenticating against LDAP is rarely do you only want
> >  user/id authentication but you also want address books/user lists and
> >  other attributes that can be useful such as e-mail address.
> >
> >  In addition, jabber servers do have to store attributes about users so
> >  there's little to be served by marrying PAM functions in.
> >
> >  What you should have noticed here Les, is that Windows AD users are
> >  mostly clueless to how LDAP works and integrating Windows AD/LDAP into
> >  other software is a challenge for them.
> >
> >  Craig
> >
> 
> Why not just install OpenFire which has the AD <-> Jabber
> authentication stuff built right in?

I'm actually planning to re-do one of my servers which is providing
jabber and I will test out OpenFire...

Ejabberd works pretty well all things considered and was fairly trivial
to integrate into my OpenLDAP setup not only for authentication but to
build 'lists' of people automatically and to pick other LDAP attributes.

Craig



Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-22 Thread Matt Shields
On Tue, Apr 22, 2008 at 11:56 AM, Craig White <[EMAIL PROTECTED]> wrote:
>
>  On Mon, 2008-04-21 at 21:34 -0500, Les Mikesell wrote:
>  > Matt Hyclak wrote:
>  > > On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
>  > >> Excuse my ignorance (I just got crap on the #centos IRC channel for this
>  > >> question), but is there a (easy!) way to have an IRC and/or Jabber server
>  > >> relay a login to a Microsoft Active Directory server for authentication?
>  > >> If there's a better question to ask this question, please point me in that
>  > >> direction, and I'll be happy to do so
>  > >>
>  > >
>  > > Well, you probably want to ask in a support channel for your IRC and jabber
>  > > server software, and/or some sort of Microsoft channel.
>  > >
>  > > The way you've posed the question, it has nothing to do with CentOS, so I am
>  > > unsurprised you got crap for it on IRC.
>  >
>  > I thought one of the big deals in Centos was the ability to configure
>  > PAM to authenticate anywhere you want and all the apps use the same
>  > settings?  Isn't that true, or aren't there any jabber/IRC servers that
>  > are bundled properly into the distribution?
>  >
>  > This sounds very much like a distro-centric question to me, even if the
>  > answer turns out to be that Centos doesn't provide that.
>  
>  actually no.
>
>  I am currently using ejabberd and it is not common to authenticate
>  'real' users but certainly possible. The methodology of authenticating
>  'real' users would entirely depend upon the jabber server software which
>  varies widely from perl to java to erlang.
>
>  The point of authenticating against LDAP is rarely do you only want
>  user/id authentication but you also want address books/user lists and
>  other attributes that can be useful such as e-mail address.
>
>  In addition, jabber servers do have to store attributes about users so
>  there's little to be served by marrying PAM functions in.
>
>  What you should have noticed here Les, is that Windows AD users are
>  mostly clueless to how LDAP works and integrating Windows AD/LDAP into
>  other software is a challenge for them.
>
>  Craig
>

Why not just install OpenFire which has the AD <-> Jabber
authentication stuff built right in?


-- 
-matt


Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-22 Thread Craig White

On Mon, 2008-04-21 at 21:34 -0500, Les Mikesell wrote:
> Matt Hyclak wrote:
> > On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
> >> Excuse my ignorance (I just got crap on the #centos IRC channel for this
> >> question), but is there a (easy!) way to have an IRC and/or Jabber server
> >> relay a login to a Microsoft Active Directory server for authentication?
> >> If there's a better question to ask this question, please point me in that
> >> direction, and I'll be happy to do so
> >>
> > 
> > Well, you probably want to ask in a support channel for your IRC and jabber
> > server software, and/or some sort of Microsoft channel.
> > 
> > The way you've posed the question, it has nothing to do with CentOS, so I am
> > unsurprised you got crap for it on IRC.
> 
> I thought one of the big deals in Centos was the ability to configure 
> PAM to authenticate anywhere you want and all the apps use the same 
> settings?  Isn't that true, or aren't there any jabber/IRC servers that 
> are bundled properly into the distribution?
> 
> This sounds very much like a distro-centric question to me, even if the 
> answer turns out to be that Centos doesn't provide that.

actually no.

I am currently using ejabberd and it is not common to authenticate
'real' users but certainly possible. The methodology of authenticating
'real' users would entirely depend upon the jabber server software which
varies widely from perl to java to erlang.

The point of authenticating against LDAP is rarely do you only want
user/id authentication but you also want address books/user lists and
other attributes that can be useful such as e-mail address.

In addition, jabber servers do have to store attributes about users so
there's little to be served by marrying PAM functions in.

What you should have noticed here Les, is that Windows AD users are
mostly clueless to how LDAP works and integrating Windows AD/LDAP into
other software is a challenge for them.

Craig



Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-22 Thread Ralph Angenendt
Les Mikesell wrote:
> I thought one of the big deals in Centos was the ability to configure PAM 
> to authenticate anywhere you want and all the apps use the same settings?  
> Isn't that true, or aren't there any jabber/IRC servers that are bundled 
> properly into the distribution?

I know of neither. yum list "*jab*" only shows some perl-Jabber-*
packages, yum list "*irc*" gives back ircd-hybrid from the
kbs-CentOS-testing repository. So yes, ircd and jabberd aren't really in
CentOS. 

And I have no idea if ircd-hybrid is able to interface into an
already existing user database, as it has its very own ways of managing
"users".

> This sounds very much like a distro-centric question to me, even if the 
> answer turns out to be that Centos doesn't provide that.

Done.

Cheers,

Ralph




Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-21 Thread Les Mikesell

Matt Hyclak wrote:
> On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
>> Excuse my ignorance (I just got crap on the #centos IRC channel for this
>> question), but is there a (easy!) way to have an IRC and/or Jabber server
>> relay a login to a Microsoft Active Directory server for authentication?
>> If there's a better question to ask this question, please point me in that
>> direction, and I'll be happy to do so
>
> Well, you probably want to ask in a support channel for your IRC and jabber
> server software, and/or some sort of Microsoft channel.
>
> The way you've posed the question, it has nothing to do with CentOS, so I am
> unsurprised you got crap for it on IRC.

I thought one of the big deals in Centos was the ability to configure
PAM to authenticate anywhere you want and all the apps use the same
settings?  Isn't that true, or aren't there any jabber/IRC servers that
are bundled properly into the distribution?

This sounds very much like a distro-centric question to me, even if the
answer turns out to be that Centos doesn't provide that.


--
  Les Mikesell
   [EMAIL PROTECTED]


Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-21 Thread Jim Perrin
On Mon, Apr 21, 2008 at 9:39 PM, Rogelio <[EMAIL PROTECTED]> wrote:
> Excuse my ignorance (I just got crap on the #centos IRC channel for this
> question), but is there a (easy!) way to have an IRC and/or Jabber server
> relay a login to a Microsoft Active Directory server for authentication?
>
> If there's a better question to ask this question, please point me in that
> direction, and I'll be happy to do so


Since Active Directory is mostly ldap, you can vary your search by
looking for ldap based authentication for jabber.

This will point you to
http://www.onlamp.com/pub/a/onlamp/2005/10/06/jabberd.html?page=1

You might also have a look at the ejabberd website and check there for
ldap/AD authentication info. See http://www.ejabberd.im/forum/7

The #centos channel is mostly for supporting the software shipped by
centos, and/or installation problems. Questions of your sort will have
a varied response based on channel mood, which is a bit bipolar to say
the least.


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
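
Added example, not part of the thread and not taken from any jabber server's code: the search-then-bind relay that an LDAP-based login against Active Directory comes down to, with the two input checks that decide whether it is safe (RFC 4515 escaping of the login name, and refusing empty passwords). The `search` and `bind` callables, the `relay_login` name and the sample directory are hypothetical stand-ins for a real LDAP client and server.

```python
# RFC 4515 section 3: these characters must appear as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(username):
    # sAMAccountName is the AD logon-name attribute; the login name is
    # escaped so it can never add clauses or wildcards to the filter.
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(username)

def relay_login(username, password, search, bind):
    """Return the user's DN on success, None on any failure.

    search(filter) -> list of DNs and bind(dn, password) -> bool are
    hypothetical callables wrapping whatever LDAP library is in use.
    """
    # RFC 4513 section 5.1.2: a simple bind with a DN and an empty password
    # is an "unauthenticated bind" that a server may answer with success.
    if not username or not password:
        return None
    matches = search(build_user_filter(username))
    if len(matches) != 1:  # unknown user, or an ambiguous match
        return None
    dn = matches[0]
    return dn if bind(dn, password) else None

# Constructed sample directory (not real accounts) so the example runs offline.
_USERS = {
    "alice": ("CN=Alice Example,OU=Staff,DC=example,DC=com", "correct horse"),
    "bob": ("CN=Bob Example,OU=Staff,DC=example,DC=com", "battery staple"),
}

def fake_search(ldap_filter):
    # Minimal matcher: exact match, plus the bare "*" presence test.
    value = ldap_filter.split("(sAMAccountName=", 1)[1][:-2]
    if value == "*":
        return [dn for dn, _ in _USERS.values()]
    return [dn for name, (dn, _) in _USERS.items()
            if escape_filter_value(name) == value]

def fake_bind(dn, password):
    # Mimics a server that accepts unauthenticated (empty-password) binds.
    if password == "":
        return True
    return any(dn == d and password == p for d, p in _USERS.values())

if __name__ == "__main__":
    for user, pw in [("alice", "correct horse"), ("alice", ""), ("*", "x")]:
        print(repr(user), repr(pw), "->", relay_login(user, pw, fake_search, fake_bind))
```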


Re: [CentOS] vectoring IRC / Jabber logins to AD?

2008-04-21 Thread Matt Hyclak
On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
> Excuse my ignorance (I just got crap on the #centos IRC channel for this
> question), but is there a (easy!) way to have an IRC and/or Jabber server
> relay a login to a Microsoft Active Directory server for authentication?
> If there's a better question to ask this question, please point me in that
> direction, and I'll be happy to do so
> 

Well, you probably want to ask in a support channel for your IRC and jabber
server software, and/or some sort of Microsoft channel.

The way you've posed the question, it has nothing to do with CentOS, so I am
unsurprised you got crap for it on IRC.

Matt

-- 
Matt Hyclak
Department of Mathematics 
Department of Social Work
Ohio University
(740) 593-1263