Hi Rich thanks for the reply! Rich Megginson wrote: >> http://directory.fedoraproject.org/wiki/Howto:PAM_Pass_Through >> >> Which seems like it could work, but seems kind of like a hack for >> what i'm trying to do and it seemed like I couldn't be the only one >> who wanted to do it! I suspect there's something I'm just missing! > That hack was invented for those who wanted to use Kerberos as the > authoritative source for password information. pampassthru passes the > password to Kerberos via pam. > Thats *really* what I'd like to do... actually keep Kerberos as my authoritative source for password data, I was hoping there might have been a saslauthd plugin that I may have missed to proxy passwords back to ldap as well, or maybe some other step that I'd missed in my research. > If you're really interested in using Fedora DS as the authoritative > source for password information, and have Kerberos use Fedora DS to > store the passwords, you really need freeipa.org We took a look at Freeipa.org but it didn't seem to as good a fit for us especially since we wanted to keep Kerberos as our password store. If I can get simple binds to work through pam for those applications that don't support GSS/SASL that would be a huge win! Out of curiosity, was there any reason for proxing though pam rather then something like saslauthd? Thanks again! Tim
