> -----Original Message----- > From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On > Behalf Of JohnS > Sent: Wednesday, February 10, 2010 1:31 AM > To: CentOS mailing list > Subject: Re: Anyone using Active Driectory auth with Centos > 5.4.....? > > > On Tue, 2010-02-09 at 14:21 -0700, Craig White wrote: > > On Tue, 2010-02-09 at 18:08 +0000, Joseph L. Casale wrote: > > > >This looks like the way to go, I don't like the username /pass stored > in plain text but maybe if I create a special group that doesn't really > have any privileges this would work, geez AD is just plain bad...lol, > Thanks. > > > > > > I guess you think insecure would be better? If I understand your need, > you want > > > to make AD insecure, so please enable anonymous binds so you don't > need a user/pass > > > to make the query:) > > > > > > Or program your own auth backend that binds with the intended creds > asking for auth:) > > > Oh, and do this w/o tls/ssl because you want it insecure:) > > ---- > > seems to me that permitting an anonymous bind to LDAP is inherently more > > secure than requiring a user/password combination so I don't think that > > your explanation is exactly true. In Microsoft's view, the only systems > > querying LDAP would be systems automatically passing the authentication. > > > > Craig > ---- > > Yes it is true, you have to have that for it to work correctly. > > John > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos I apologize if this has been mentioned before but one option would be to use Apache's Kerberos module for authentication. See the modules sourceforge page here --> http://modauthkerb.sourceforge.net/configure.html Regards, Dan _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos