Re: PAM passthru questions and SecureID

Chris Maresca wrote:
> All,
>
> I've been looking longingly at the PAM pass-through module as it would give us access to capabilities we've wanted for a while. I've looked at the README, but I still have a few questions.
>
> 1. Is it possible to specify PAM as the authentication on a per-account basis?

No.

> 2. Is it possible to specify authentication escalation on failure on a per-account basis?

No.

But these do seem like very interesting features - how would this work? Via a special attribute in the user's entry?

> 3. Has anyone deployed it in a production environment?
>    If so, what type(s) of PAM auth did you use?

Yes. We developed this and use this internally at Red Hat (dogfood, yum). We use it because we use Kerberos for internal authentication, but some older LDAP clients can't do SASL, so they do simple auth, and pass the credentials through to Kerberos via PAM.

> Also, if anyone has any successful examples of using two-factor authentication tokens (specifically either SecurID or CryptoCard, but also others), I would love to hear about them. It seems that none of the vendors providing token-based support LDAP as a primary user info repository directly, which is odd, to say the least.

We used to do this at AOL. We had a proprietary plugin for this purpose. The password was passed as "password/securidtoken". The plug-in parsed out the password and the token and passed them off to our proprietary auth thingy.

> I'd like to add that compared to OpenLDAP, Fedora DS is a breath of fresh air. Thanks for making it available.
>
> Chris.


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
