On 7/25/06 4:22 PM, "Richard Megginson" <rmeggins at redhat.com> wrote: > >> > I.e. Allow me to authenticate a user (irregardless of whether they >> > have an account on the local system) by using the supplied simple bind >> > credentials and attempting a kerberos validation of them. > Yes, because with the plugin, fedora ds simply passes the credentials > through to PAM, which can be configured to do kerberos auth (local or > remote). So, instead of using saslauthd (as in openldap) you just use > PAM to do the same thing. I?m curious how the pam framework allows for a kerberos principal/realm and password to be checked... I.e. Lets say, in openldap, I have {KERBEROS}user at KRB.REALM.COM, under openldap, this works as expected. You?re saying that I can use the pam pass through module and then put rhuid: user at KRB.REALM.COM And then in /etc/pam.d/ldapserver (or whatever I compile it as the name to be), configure it in such a way that Pam will return success.. Maybe pam_krb5.so? Ahh.. Maybe no_user_check... Now I see what you might be referring to.. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060725/8ecc455d/attachment.html