Tom Ryan wrote:
> Also, is there a reason this (the pam_passthru) module is not
> distributed in the rpm?

It hasn't been fully tested yet, although it has been in production in
Red Hat for a few months now - it's how we do the same thing - simple
username/password auth against Kerberos.
Tom
On 7/25/06 4:32 PM, "Tom Ryan" <tomryan(a)camlaw.rutgers.edu> wrote:
On 7/25/06 4:22 PM, "Richard Megginson" <rmeggins(a)redhat.com> wrote:
> I.e. Allow me to authenticate a user (irregardless of whether they
> have an account on the local system) by using the supplied simple bind
> credentials and attempting a kerberos validation of them.

Yes, because with the plugin, fedora ds simply passes the credentials
through to PAM, which can be configured to do kerberos auth (local or
remote). So, instead of using saslauthd (as in openldap) you just use
PAM to do the same thing.

I’m curious how the pam framework allows for a kerberos
principal/realm and password to be checked...
I.e. Let's say, in openldap, I have {KERBEROS}user(a)KRB.REALM.COM,
under openldap, this works as expected.
You’re saying that I can use the pam pass through module and then put
rhuid: user(a)KRB.REALM.COM
And then in /etc/pam.d/ldapserver (or whatever I compile it as the
name to be), configure it in such a way that Pam will return success..
Maybe pam_krb5.so?
Ahh.. Maybe no_user_check...
Now I see what you might be referring to..
Thanks!