Re: Any C coders want to help me with something?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 29, 2009 at 01:03:03PM -0500, Mike McGrath wrote:
> > >> Well normally what I have seen is that the 'FAS' server would export a
> > >> schema table to LDAP and LDAP would then be what is authenticated to
> > >> (the same with Kerberos if combined). Or the FAS server has a
> > >> mysql/postgres background and someone uses pam/mod mysql to do it.

> > Sorry for butting in like this, but I always assumed FAS would use LDAP
> > as a backend, so that 3rd parties, if they wanted to plug in to the
> > system, would utilize LDAP.  Is that not the case?
> 
> Correct, that's not the case.  Instead of LDAP we have a postgres backend
> and use json to auth, third parties use python-fedora to authenticate.  We
> tried pretty hard to get LDAP working with our account system but ran into
> many problems and decided to go back to postgres.

I'd third the LDAP love here, e.g. either a read-only cron'd export to
LDAP or rewriting the FAS backend for LDAP. Any future tool you may
want to attach to FAS will most probably have LDAP support out of the
box, but any other kind of authentication would need special coding
(like your pam module request), which is both time consuming and a
security risk if not written properly.
-- 
Axel.Thimm at ATrpms.net

Attachment: pgpMkHcHqdjQA.pgp
Description: PGP signature

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux