Also, is there a reason this (the pam_passthru) module is not distributed in
the rpm?
Tom
On 7/25/06 4:32 PM, "Tom Ryan" <tomryan(a)camlaw.rutgers.edu> wrote:
On 7/25/06 4:22 PM, "Richard Megginson" <rmeggins(a)redhat.com> wrote:
>
>> > I.e. Allow me to authenticate a user (irregardless of whether they
>> > have an account on the local system) by using the supplied simple bind
>> > credentials and attempting a kerberos validation of them.
> Yes, because with the plugin, fedora ds simply passes the credentials
> through to PAM, which can be configured to do kerberos auth (local or
> remote). So, instead of using saslauthd (as in openldap) you just use
> PAM to do the same thing.
I¹m curious how the pam framework allows for a kerberos principal/realm and
password to be checked...
I.e. Lets say, in openldap, I have {KERBEROS}user(a)KRB.REALM.COM, under
openldap, this works as expected.
You¹re saying that I can use the pam pass through module and then put
rhuid: user(a)KRB.REALM.COM
And then in /etc/pam.d/ldapserver (or whatever I compile it as the name to
be), configure it in such a way that
Pam will return success..
Maybe pam_krb5.so?
Ahh.. Maybe no_user_check...
Now I see what you might be referring to..
Thanks!