[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-devel] Capturing passwords for migration at bind-time?

From: Dmitri Pal <dpal redhat com>
To: Simo Sorce <ssorce redhat com>
Cc: freeipa-devel redhat com
Subject: Re: [Freeipa-devel] Capturing passwords for migration at bind-time?
Date: Thu, 26 Jun 2008 12:19:20 -0400

This is a migration scenario, I see at least 2 ways:

a) some frontend (web?) app is built to proxy the user password to ldap
by performing a bind.

This approach doe not really work in real deployments since it is notseamless for the end user.

b) we provide a pam module smart enough to check the user status against
ldap if pam_kerb5 fails, and if it finds the user is in "upgrade" mode,
perform an (SSL protected) simple bind against the ldap server.

Simo.

This approach is better since user does not need to do anything.


--
Dmitri Pal
Engineering Manager

Red Hat Inc.

References:
- [Freeipa-devel] Capturing passwords for migration at bind-time?
  - From: Nalin Dahyabhai
- Re: [Freeipa-devel] Capturing passwords for migration at bind-time?
  - From: John Dennis
- Re: [Freeipa-devel] Capturing passwords for migration at bind-time?
  - From: Simo Sorce
- Re: [Freeipa-devel] Capturing passwords for migration at bind-time?
  - From: John Dennis
- Re: [Freeipa-devel] Capturing passwords for migration at bind-time?
  - From: Simo Sorce

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]