Re: [389-users] PAM PTA partially working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Prashanth Sundaram wrote:

Andrey,

Thanks for the info. It worked for me. :) Just another question, I want to secure the communication with AD secure. I read that AD is not SSL compatible and supports startTLS.
AD is TLS/SSL compatible and it supports startTLS. Winsync supports both LDAPS and LDAP with startTLS.
What security mechanism have you used in your systems with AD?

http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&redirect=no <http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&redirect=no>


Hi,

You should not verify the users locally (there is a "no_user_check" to
add). The authoritative source of validation should be AD/Kerberos.
Here is the config that works for us :

auth    sufficient      /lib/security/pam_krb5.so no_user_check
account required        /lib/security/pam_krb5.so no_user_check

------------------------------------------------------------------------

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

<<attachment: smime.p7s>>

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux