Tom Ryan wrote:
> Also, is there a reason this (the pam_passthru) module is not
> distributed in the rpm?
It hasn't been fully tested yet, although it has been in production in
Red Hat for a few months now - it's how we do the same thing - simple
username/password auth against Kerberos.
>
> Tom
>
>
> On 7/25/06 4:32 PM, "Tom Ryan" <tomryan at camlaw.rutgers.edu> wrote:
>
>
>
>
> On 7/25/06 4:22 PM, "Richard Megginson" <rmeggins at redhat.com> wrote:
>
>
> > I.e. Allow me to authenticate a user (irregardless of whether
> they
> > have an account on the local system) by using the supplied
> simple bind
> > credentials and attempting a kerberos validation of them.
> Yes, because with the plugin, fedora ds simply passes the
> credentials
> through to PAM, which can be configured to do kerberos auth
> (local or
> remote). So, instead of using saslauthd (as in openldap) you
> just use
> PAM to do the same thing.
>
>
> I?m curious how the pam framework allows for a kerberos
> principal/realm and password to be checked...
>
> I.e. Lets say, in openldap, I have {KERBEROS}user at KRB.REALM.COM,
> under openldap, this works as expected.
>
> You?re saying that I can use the pam pass through module and then put
>
> rhuid: user at KRB.REALM.COM
>
> And then in /etc/pam.d/ldapserver (or whatever I compile it as the
> name to be), configure it in such a way that
>
> Pam will return success..
>
> Maybe pam_krb5.so?
>
> Ahh.. Maybe no_user_check...
>
> Now I see what you might be referring to..
>
> Thanks!
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060725/8e8df25e/attachment.bin
