Quoting Pete Rowley <pete@xxxxxxxxxxxxxx>:
It occurs to me that a simple pre-operation bind plugin plus pam would
probably solve your problem. The plugin would alter the bind credentials so
that the realm is added appropriateley - then it is simply a matter of
setting up kerberos correctly for multiple domains and using the kerberos
pam plugin.
For that matter a simple pam auth plugin could do this too, though slightly
less efficiently since it would need to query the DS to get the realm.
Of course, this all requires code :)
Hmmm... Somehow I have a feeling that it would take less coding to add
support
for '{SASL}' stuff in FDS password verification code ;-)
(haven't seen the actual code, so just a wild guess)
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
