Directory Server Authentication Pass through with Kerberos or saslauthd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim Hartmann wrote:
> Hi all, I've run into some configuration trouble with our Red Hat Directory server V 8.0 and was hoping someone on this list might be able to shed a little light on my darkened, troubled and confused brow! 
>
> We've got the directory running pretty and have enabled gssapi to allow
> us to bind with our Kerberos Tickets, so if I do an LDAP query and bind with gssapi with a valid TGT all is well! (hurray) However thats really only PART of what we hope to do with Kerberos and Red Hat Directory Server... we'd also like to be able to use Kerberos as the password database for LDAP... so that a non kerberos aware application which just wants to bind to ldap will be able to bind to the directory,  unaware that Kerberos is actually being used as the password store and means of auth..
>
> I found a pretty good HOWTO for how to do this with open ldap: 
> http://www.ba.infn.it/~domenico/docs/AAIFiles/openLDAP.html
>
> Way down at the bottom where it says "Kerberos as back-end database for LDAP password" is exactly what I'd like to accomplish!  Is there a means to do the same thing in FDS? I also found this documentations:
>
> http://directory.fedoraproject.org/wiki/Howto:PAM_Pass_Through
>
> Which seems like it could work, but seems kind of like a hack for what i'm trying to do and it seemed like I couldn't be the only one who wanted to do it! I suspect there's something I'm just missing! 
>   
That hack was invented for those who wanted to use Kerberos as the 
authoritative source for password information.  pampassthru passes the 
password to Kerberos via pam.

If you're really interested in using Fedora DS as the authoritative 
source for password information, and have Kerberos use Fedora DS to 
store the passwords, you really need freeipa.org
> Thanks for the time, and any help would be much appreciated! 
>
> Tim
>  
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080925/5f65c02c/attachment.bin 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux