Hi Rich thanks for the reply!
Rich Megginson wrote:
>
http://directory.fedoraproject.org/wiki/Howto:PAM_Pass_Through
>
> Which seems like it could work, but seems kind of like a hack for
> what i'm trying to do and it seemed like I couldn't be the only one
> who wanted to do it! I suspect there's something I'm just missing!
That hack was invented for those who wanted to use Kerberos as the
authoritative source for password information. pampassthru passes the
password to Kerberos via pam.
Thats *really* what I'd like to do... actually keep Kerberos as my
authoritative source for password data, I was hoping there might have
been a saslauthd plugin that I may have missed to proxy passwords back
to ldap as well, or maybe some other step that I'd missed in my research.
If you're really interested in using Fedora DS as the
authoritative
source for password information, and have Kerberos use Fedora DS to
store the passwords, you really need
freeipa.org
We took a look at
Freeipa.org but it didn't seem to as good a fit for us
especially since we wanted to keep Kerberos as our password store. If I
can get simple binds to work through pam for those applications that
don't support GSS/SASL that would be a huge win!
Out of curiosity, was there any reason for proxing though pam rather
then something like saslauthd?
Thanks again!
Tim