Tim Hartmann wrote: > Rich, > > Configuring the pam plugin went really well, and was really > straighforward to follow, thanks for putting up the docs online and > writing the pam plugin. I did have to pull over the > libpam-passthru-plugin.so file from a copy of Fedora Directory Server > v1.1, since it doesn't look like Red Hat Directory Server 8.0 ships > with it, the plugin lists as version 1.1 is that the appropriate > version of the library? > Yes. Just make sure you use the FC-6 binary since that most closely corresponds to RHEL5. > -Tim > > > > > > Rich Megginson wrote: > >> Tim Hartmann wrote: >> >>> Hi Rich thanks for the reply! >>> >>> Rich Megginson wrote: >>> >>> >>>>> http://directory.fedoraproject.org/wiki/Howto:PAM_Pass_Through >>>>> >>>>> Which seems like it could work, but seems kind of like a hack for >>>>> what i'm trying to do and it seemed like I couldn't be the only one >>>>> who wanted to do it! I suspect there's something I'm just >>>>> missing! >>>>> >>>> That hack was invented for those who wanted to use Kerberos as the >>>> authoritative source for password information. pampassthru passes the >>>> password to Kerberos via pam. >>>> >>>> >>>> >>> Thats *really* what I'd like to do... actually keep Kerberos as my >>> authoritative source for password data, I was hoping there might have >>> been a saslauthd plugin that I may have missed to proxy passwords back >>> to ldap as well, or maybe some other step that I'd missed in my >>> research. >>> >>> >>> >>> >>>> If you're really interested in using Fedora DS as the authoritative >>>> source for password information, and have Kerberos use Fedora DS to >>>> store the passwords, you really need freeipa.org >>>> >>>> >>> We took a look at Freeipa.org but it didn't seem to as good a fit for us >>> especially since we wanted to keep Kerberos as our password store. If I >>> can get simple binds to work through pam for those applications that >>> don't support GSS/SASL that would be a huge win! >>> >>> >>> Out of curiosity, was there any reason for proxing though pam rather >>> then something like saslauthd? >>> >> The people who wanted this feature didn't want the overhead of an >> additional server daemon (saslauthd). They already had a pam stack >> that did kerberos auth and they just wanted Fedora DS to use that - >> pam passthru. >> >>> Thanks again! >>> >>> Tim >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080926/47a4953f/attachment.bin
