Well, we have looked into various setups with regard to setting our Linux servers up to use LDAP, and have decided to go for direct AD integration rather than use, for example, winbind. This setup limits the components involved, which reduces complexity and reduces the chance of things failing, and fits our needs well. We're not planning on using Kerberos.

Kenneth

On Wed, Jul 27, 2011 at 3:10 PM, D G Teed <donald.teed@xxxxxxxxx> wrote:
> Is there a reason winbind and a little krb5 client config
> (without using full kerberos) doesn't fit your needs?
> That is how we pam authenticate to AD. I'm not sure
> about the force password change, but I did have the
> passwd command on Linux set up the password on AD
> when winbind was in /etc/nsswitch.conf
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list