> -----Original Message----- > From: fedora-directory-users-bounces@xxxxxxxxxx > [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf > Of Aleksandar Milivojevic > Sent: Tuesday, June 28, 2005 8:19 PM > To: david_list@xxxxxxxxxxx; General discussion list for the > Fedora Directory server project. > Subject: Re: support for non-localy > stored passwords? > > Basically, I started with the similar ideas as you and Rich > sugested when solving problem with OpenLDAP. And the things > always broke at the multiple Kerberos domains used and the > fact that user's were not supplying the domain portion as > part of their login. At the end, using {SASL}username@REALM > was the solution suggested on SASL and OpenLDAP mailing > lists, and it worked great so far. It occurs to me that a simple pre-operation bind plugin plus pam would probably solve your problem. The plugin would alter the bind credentials so that the realm is added appropriateley - then it is simply a matter of setting up kerberos correctly for multiple domains and using the kerberos pam plugin. For that matter a simple pam auth plugin could do this too, though slightly less efficiently since it would need to query the DS to get the realm. Of course, this all requires code :) -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
