[Fedora-directory-users] Directory Server Authentication Pass through with Kerberos or saslauthd
Tim Hartmann
hartmann at fas.harvard.edu
Thu Sep 25 21:15:43 UTC 2008
Hi Rich thanks for the reply!
Rich Megginson wrote:
>> http://directory.fedoraproject.org/wiki/Howto:PAM_Pass_Through
>>
>> Which seems like it could work, but seems kind of like a hack for
>> what i'm trying to do and it seemed like I couldn't be the only one
>> who wanted to do it! I suspect there's something I'm just missing!
> That hack was invented for those who wanted to use Kerberos as the
> authoritative source for password information. pampassthru passes the
> password to Kerberos via pam.
>
Thats *really* what I'd like to do... actually keep Kerberos as my
authoritative source for password data, I was hoping there might have
been a saslauthd plugin that I may have missed to proxy passwords back
to ldap as well, or maybe some other step that I'd missed in my research.
> If you're really interested in using Fedora DS as the authoritative
> source for password information, and have Kerberos use Fedora DS to
> store the passwords, you really need freeipa.org
We took a look at Freeipa.org but it didn't seem to as good a fit for us
especially since we wanted to keep Kerberos as our password store. If I
can get simple binds to work through pam for those applications that
don't support GSS/SASL that would be a huge win!
Out of curiosity, was there any reason for proxing though pam rather
then something like saslauthd?
Thanks again!
Tim
More information about the Fedora-directory-users
mailing list