Craig White wrote:
----
The point of authenticating against LDAP is rarely do you only want
user/id authentication but you also want address books/user lists and
other attributes that can be useful such as e-mail address.
But those may or may not be the same ones you'd find in AD.
----
any reasonable LDAP implementation allows you to define the DN (or DN's)
to be used for various purposes
But the people managing AD may have no interest in supporting other
applications.
----
In addition, jabber servers do have to store attributes about users so
there's little to be served by marrying PAM functions in.
I'd settle for not having yet another password.
----
sure - makes sense - how many different jabber servers are you running?
A couple, currently used by small sets of people but it's likely to
expand (the people, not necessarily the servers). I want to set up at
least one of them with OpenNMS spewing its notifications into a
multiuser chat room that the network operators can join.
----
What you should have noticed here Les, is that Windows AD users are
mostly clueless to how LDAP works and integrating Windows AD/LDAP into
other software is a challenge for them.
Which is why you'd want to set up PAM once, not
login/ssh/imap/pop/http/smtp/samba and all those other applications that
want a password. Especially when you want to be able to add local
accounts in addition to using a network authentication mechanism.
----
sure - makes sense - how many different jabber servers are you running?
You are simply looking through a lens that says corporate users,
corporate login accounts, etc. That's fine but I get the distinct
impression that it is hardly the typical setup.
When someone mentions AD, I'd assume corporate users, existing logins,
existing passwords and password change policy - and probably some
MS-centric people managing it who may not want to help glue on some
open-source parts.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
