-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/30/2009 12:52 AM, Mike McGrath wrote: > On Wed, 29 Apr 2009, Stephen John Smoogen wrote: > >> On Wed, Apr 29, 2009 at 8:27 AM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: >>> On Wed, 29 Apr 2009, Stefan Schlesinger wrote: >>> >>>> On Apr 29, 2009, at 01:38 , Mike McGrath wrote: >>>>> I'd like someone to write a pam module to auth against fas. I'm not sure >>>>> it's the way to go but I'd like to have something up and running to test >>>>> with to see how it behaves, how it deals with some failure scenarios, etc. >>>> I'm not sure what exactly you want to do, but pam_ldap should do what >>>> you want, right? Or at least one could use it as codebase and modify it. >>>> >>> pam_ldap would probably be close to what we want and certainly a good >>> place to look but we don't run an ldap server so it won't auth against >>> fas. >>> >> Well normally what I have seen is that the 'FAS' server would export a >> schema table to LDAP and LDAP would then be what is authenticated to >> (the same with Kerberos if combined). Or the FAS server has a >> mysql/postgres background and someone uses pam/mod mysql to do it. >> >> The one problem with custom pam modules is usually the 'oooooooh' >> moment when something doesn't work quite as planned (hey look I can >> sudo root as apache? how did that happen?) >> > > This is a legit and good concern. Ricky and I were talking about it last > night. Since we're re-thinking things I'm open to suggestions. Might be > something as simple as getting an ldap server to communicate with a > postgres backend? > > -Mike Sorry for butting in like this, but I always assumed FAS would use LDAP as a backend, so that 3rd parties, if they wanted to plug in to the system, would utilize LDAP. Is that not the case? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkn4ivUACgkQaVgOCFr0s2KkpgCdFx3iwUM8IbWPjVEufFRDnM5d b6EAnAsXyj03UIMbMy0wGDi9+n/ZC8eT =oyjc -----END PGP SIGNATURE----- _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
