Securing the Pam Passthru plugin

Hello all,

I've installed and configured the pam passthru plugin so that we can do 
simple binds without having to store passwords in the directory. It's 
working, but I can't seem to get the pamSecure attribute to take effect. My 
entry in dse.ldif for the plugin is:

dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
objectClass: pamConfig
cn: PAM Pass Through Auth
nsslapd-pluginPath: /opt/fedora-ds/lib/pam-passthru-plugin.so
nsslapd-pluginInitfunc: pam_passthruauth_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-pluginloadglobal: true
nsslapd-plugin-depends-on-type: database
pamMissingSuffix: ALLOW
pamExcludeSuffix: o=NetscapeRoot
pamExcludeSuffix: cn=config
pamMapMethod: RDN
pamFallback: FALSE
pamSecure: TRUE
pamService: ldapserver
nsslapd-pluginId: pam_passthruauth
nsslapd-pluginVersion: 1.0.2
nsslapd-pluginVendor: Fedora Project
nsslapd-pluginDescription: PAM pass through authentication plugin

That's pretty much a cut & paste from the README that comes with the plugin 
source. Docs are sketchy, but I thought that pamSecure was supposed to 
prevent a non-SSL connection from being able to do the passthru bind? Even 
though I have it set to true, I can bind to port 389 of my server with no 
error. Obviously, that's not acceptable. Am I misunderstanding the purpose 
of this attribute? If so, is there any other way to enforce TLS for simple 
binds?

Also, is there any plan to include this plugin in the default build of FDS? 
It's included with the source, but it's commented out of the Makefile, at 
least for version 1.0.2.

Thanks,
  -paul

-- 
Paul D. Engle                | Rice University
Sr. Systems Administrator    | Information Technology - MS119
(713) 348-4702               | P.O. Box 1892
pengle at rice.edu              | Houston, TX 77251-1892