[Freeipa-devel] Capturing passwords for migration at bind-time?
Dmitri Pal
dpal at redhat.com
Thu Jun 26 16:19:20 UTC 2008
> This is a migration scenario, I see at least 2 ways:
>
> a) some frontend (web?) app is built to proxy the user password to ldap
> by performing a bind.
>
>
This approach doe not really work in real deployments since it is not
seamless for the end user.
> b) we provide a pam module smart enough to check the user status against
> ldap if pam_kerb5 fails, and if it finds the user is in "upgrade" mode,
> perform an (SSL protected) simple bind against the ldap server.
>
> Simo.
>
>
This approach is better since user does not need to do anything.
--
Dmitri Pal
Engineering Manager
Red Hat Inc.
More information about the Freeipa-devel
mailing list