Richard Megginson, dnia 2006-11-17 21:29 napisal: > Right. For clients that can do SASL/GSSAPI BIND (i.e. Kerberos), you > just need to configure the SASL Mapping to find the user's DN based on > the Kerberos principal. My company runs a lot of software which can't use SASL/GSSAPI BIND, so this is definitely not for me. > For clients that cannot use SASL but must use simple username/password > bind, you can use the PAM passthrough plug-in. OK, where I can read about that? Doc and wiki seems to have no PAM in them. And is this equal to what I have configured with OpenLDAP? Because when migrating, FDS should support old authentication method (with 'uid at REALM.NET' in the 'userPassword' field and passwords in Kerberos). -- email/xmpp: koniczynek at uaznia.net
