Re: [Fedora-directory-users] Question re: {KERBEROS} syntax

On 7/25/06 4:22 PM, "Richard Megginson" <rmeggins@redhat.com> wrote:

> I.e. Allow me to authenticate a user (irregardless of whether they
> have an account on the local system) by using the supplied simple bind
> credentials and attempting a kerberos validation of them.
Yes, because with the plugin, fedora ds simply passes the credentials
through to PAM, which can be configured to do kerberos auth (local or
remote). So, instead of using saslauthd (as in openldap) you just use
PAM to do the same thing.

I’m curious how the pam framework allows for a kerberos principal/realm and password to be checked...

I.e. Lets say, in openldap, I have {KERBEROS}user@KRB.REALM.COM, under openldap, this works as expected.

You’re saying that I can use the pam pass through module and then put

rhuid: user@KRB.REALM.COM

And then in /etc/pam.d/ldapserver (or whatever I compile it as the name to be), configure it in such a way that

Pam will return success..

Maybe pam_krb5.so?

Ahh.. Maybe no_user_check...

Now I see what you might be referring to..

Thanks!