On 7/25/06 4:22 PM, "Richard Megginson" <rmeggins(a)redhat.com> wrote:
> > I.e. Allow me to authenticate a user (irregardless of whether they
> > have an account on the local system) by using the supplied simple bind
> > credentials and attempting a kerberos validation of them.
Yes, because with the plugin, fedora ds simply passes the credentials
through to PAM, which can be configured to do kerberos auth (local or
remote). So, instead of using saslauthd (as in openldap) you just use
PAM to do the same thing.
I¹m curious how the pam framework allows for a kerberos principal/realm and
password to be checked...
I.e. Lets say, in openldap, I have {KERBEROS}user(a)KRB.REALM.COM, under
openldap, this works as expected.
You¹re saying that I can use the pam pass through module and then put
rhuid: user(a)KRB.REALM.COM
And then in /etc/pam.d/ldapserver (or whatever I compile it as the name to
be), configure it in such a way that
Pam will return success..
Maybe pam_krb5.so?
Ahh.. Maybe no_user_check...
Now I see what you might be referring to..
Thanks!