[389-users] PAM PTA partially working
Prashanth Sundaram
psundaram at wgen.net
Wed Sep 23 14:34:21 UTC 2009
Andrey,
Thanks for the info. It worked for me. :) Just another question, I want to
secure the communication with AD secure. I read that AD is not SSL
compatible and supports startTLS. What security mechanism have you used in
your systems with AD?
http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&redi
rect=no
Hi,
You should not verify the users locally (there is a "no_user_check" to
add). The authoritative source of validation should be AD/Kerberos.
Here is the config that works for us :
auth sufficient /lib/security/pam_krb5.so no_user_check
account required /lib/security/pam_krb5.so no_user_check
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090923/246ff9eb/attachment.htm>
More information about the Fedora-directory-users
mailing list