[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
RE: [Fedora-directory-users] support for non-localy stored passwords?
- From: "Pete Rowley" <pete openrowley com>
- To: "'General discussion list for the Fedora Directory server project.'" <fedora-directory-users redhat com>
- Subject: RE: [Fedora-directory-users] support for non-localy stored passwords?
- Date: Wed, 29 Jun 2005 11:24:13 -0700
> -----Original Message-----
> From: fedora-directory-users-bounces redhat com
> [mailto:fedora-directory-users-bounces redhat com] On Behalf
> Of Aleksandar Milivojevic
> Sent: Tuesday, June 28, 2005 8:19 PM
> To: david_list boreham org; General discussion list for the
> Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] support for non-localy
> stored passwords?
>
> Basically, I started with the similar ideas as you and Rich
> sugested when solving problem with OpenLDAP. And the things
> always broke at the multiple Kerberos domains used and the
> fact that user's were not supplying the domain portion as
> part of their login. At the end, using {SASL}username REALM
> was the solution suggested on SASL and OpenLDAP mailing
> lists, and it worked great so far.
It occurs to me that a simple pre-operation bind plugin plus pam would
probably solve your problem. The plugin would alter the bind credentials so
that the realm is added appropriateley - then it is simply a matter of
setting up kerberos correctly for multiple domains and using the kerberos
pam plugin.
For that matter a simple pam auth plugin could do this too, though slightly
less efficiently since it would need to query the DS to get the realm.
Of course, this all requires code :)
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]