[Fedora-directory-users] Question re: {KERBEROS} syntax
Tom Ryan
tomryan at camlaw.rutgers.edu
Tue Jul 25 20:59:54 UTC 2006
Also, is there a reason this (the pam_passthru) module is not distributed in
the rpm?
Tom
On 7/25/06 4:32 PM, "Tom Ryan" <tomryan at camlaw.rutgers.edu> wrote:
>
>
>
> On 7/25/06 4:22 PM, "Richard Megginson" <rmeggins at redhat.com> wrote:
>>
>>> > I.e. Allow me to authenticate a user (irregardless of whether they
>>> > have an account on the local system) by using the supplied simple bind
>>> > credentials and attempting a kerberos validation of them.
>> Yes, because with the plugin, fedora ds simply passes the credentials
>> through to PAM, which can be configured to do kerberos auth (local or
>> remote). So, instead of using saslauthd (as in openldap) you just use
>> PAM to do the same thing.
>
> I¹m curious how the pam framework allows for a kerberos principal/realm and
> password to be checked...
>
> I.e. Lets say, in openldap, I have {KERBEROS}user at KRB.REALM.COM, under
> openldap, this works as expected.
>
> You¹re saying that I can use the pam pass through module and then put
>
> rhuid: user at KRB.REALM.COM
>
> And then in /etc/pam.d/ldapserver (or whatever I compile it as the name to
> be), configure it in such a way that
>
> Pam will return success..
>
> Maybe pam_krb5.so?
>
> Ahh.. Maybe no_user_check...
>
> Now I see what you might be referring to..
>
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060725/9d30f64a/attachment.htm>
More information about the Fedora-directory-users
mailing list