Richard Megginson, dnia 2006-11-17 21:29 napisal:
Right. For clients that can do SASL/GSSAPI BIND (i.e. Kerberos),
just need to configure the SASL Mapping to find the user's DN based on
the Kerberos principal.
My company runs a lot of software which can't use
SASL/GSSAPI BIND, so
this is definitely not for me.
For clients that cannot use SASL but must use simple
bind, you can use the PAM passthrough plug-in.
OK, where I can read about that? Doc
and wiki seems to have no PAM in
them. And is this equal to what I have configured with OpenLDAP? Because
when migrating, FDS should support old authentication method (with
'uid(a)REALM.NET' in the 'userPassword' field and passwords in Kerberos).