It works fine against AD, provided that: a) You have changed your password since the upgrade from NT4 to 2K (if any), or... b) Your Kerberos libraries support the RC4 enctypes, which Heimdal does IIRC, but MIT does not. Regards, Phil +------------------------------------------+ | Phil Mayers | | Network & Infrastructure Group | | Information & Communication Technologies | | Imperial College | +------------------------------------------+ -----Original Message----- From: Steve Langasek [mailto:vorlon@netexpress.net] Sent: 18 December 2001 19:18 To: pam-list@redhat.com Subject: Re: Active Directory module? On Tue, Dec 18, 2001 at 06:33:20PM +0000, David Lee wrote: > This may be an extremely simple question, but then again may not be. > Anyone know of a PAM module (ultimately for Solaris at least) that would > allow authentication against (shudder) a Microsoft W2K Active Directory > service? Just a pointer (URL etc.) to such a module (open-source > preferred) would do, so that I can begin to investigate. If you're looking just for authentication, then wouldn't a pam_krb5 module do? There's such a module in the PAM sourceforge repository, but I don't know if anyone's tried it against an AD domain yet. Steve Langasek postmodern programmer
