[Fedora-directory-users] Question re: {KERBEROS} syntax

[Richard Megginson]

Tom Ryan wrote:
>
> On 7/25/06 3:51 PM, "Richard Megginson" <rmeggins at redhat.com> wrote:
>
>     Tom Ryan wrote:
>     > Yes, but its not quite what I’m looking for. Using {KERBEROS} under
>     > openldap, the ldap server would validate the supplied user/password
>     > using kerberos..
>     >
>     > Unless I’m missing something, this won’t work for me..
>     Are you attempting a SASL/Kerberos bind or a simple username/password
>     bind? If the latter, you will need the PAM passthru auth plugin:
>     http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/README?root=dirsec=1.4=auto
>     <http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/README?root=dirsec&rev=1.4&view=auto>
>     <http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/README?root=dirsec&rev=1.4&view=auto>
>
>
>
> That’s the general idea of what I want.. The problem is that users 
> might not necessarily have an account on the box..
> Essentially a simple username/password bind that the fedora ds would 
> then use kerberos to authenticate..
>
> That being said, it would appear that fedora ds does not have an equiv 
> capability as the openldap server correct out of the box?
That is correct, but the pam passthru auth plugin will do what you want.
>
> Thanks for your very quick responses!
>
> Tom
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060725/e378619d/attachment.bin>