Any C coders want to help me with something?
Mike McGrath
mmcgrath at redhat.com
Wed Apr 29 16:59:30 UTC 2009
On Wed, 29 Apr 2009, Mike McGrath wrote:
> On Wed, 29 Apr 2009, Stephen John Smoogen wrote:
>
> > On Wed, Apr 29, 2009 at 8:27 AM, Mike McGrath <mmcgrath at redhat.com> wrote:
> > > On Wed, 29 Apr 2009, Stefan Schlesinger wrote:
> > >
> > >> On Apr 29, 2009, at 01:38 , Mike McGrath wrote:
> > >> > I'd like someone to write a pam module to auth against fas. I'm not sure
> > >> > it's the way to go but I'd like to have something up and running to test
> > >> > with to see how it behaves, how it deals with some failure scenarios, etc.
> > >>
> > >> I'm not sure what exactly you want to do, but pam_ldap should do what
> > >> you want, right? Or at least one could use it as codebase and modify it.
> > >>
> > >
> > > pam_ldap would probably be close to what we want and certainly a good
> > > place to look but we don't run an ldap server so it won't auth against
> > > fas.
> > >
> >
> > Well normally what I have seen is that the 'FAS' server would export a
> > schema table to LDAP and LDAP would then be what is authenticated to
> > (the same with Kerberos if combined). Or the FAS server has a
> > mysql/postgres background and someone uses pam/mod mysql to do it.
> >
> > The one problem with custom pam modules is usually the 'oooooooh'
> > moment when something doesn't work quite as planned (hey look I can
> > sudo root as apache? how did that happen?)
> >
>
> This is a legit and good concern. Ricky and I were talking about it last
> night. Since we're re-thinking things I'm open to suggestions. Might be
> something as simple as getting an ldap server to communicate with a
> postgres backend?
>
:: cough cough :: something like
http://www.darold.net/projects/ldap_pg/HOWTO/
-Mike
More information about the Fedora-infrastructure-list
mailing list