On 7/25/06 4:22 PM, "Richard Megginson" <rmeggins at redhat.com> wrote:
>
>> > I.e. Allow me to authenticate a user (irregardless of whether they
>> > have an account on the local system) by using the supplied simple bind
>> > credentials and attempting a kerberos validation of them.
> Yes, because with the plugin, fedora ds simply passes the credentials
> through to PAM, which can be configured to do kerberos auth (local or
> remote). So, instead of using saslauthd (as in openldap) you just use
> PAM to do the same thing.
I?m curious how the pam framework allows for a kerberos principal/realm and
password to be checked...
I.e. Lets say, in openldap, I have {KERBEROS}user at KRB.REALM.COM, under
openldap, this works as expected.
You?re saying that I can use the pam pass through module and then put
rhuid: user at KRB.REALM.COM
And then in /etc/pam.d/ldapserver (or whatever I compile it as the name to
be), configure it in such a way that
Pam will return success..
Maybe pam_krb5.so?
Ahh.. Maybe no_user_check...
Now I see what you might be referring to..
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060725/8ecc455d/attachment.html
