New PAM module pam_krb5+ldap

Jason Gerfen jason.gerfen at scl.utah.edu
Thu Oct 13 14:55:57 UTC 2005


Morning,
    I have been working on making some additions to the original 
pam_krb5 module for a little while and I can say that it is stable 
enough for release.  Details on the additions follow:

pam_krb5+ldap

requirements:
Linux-PAM libs
Kerberos libs
OpenLDAP libs

summary:
Anyone who has used the existing pam_krb5 authentication module for 
Linux clients has at some point had to configure a new service to 
provide user enumeration such as NIS, Samba etc., or, as well as setting 
up a new service, had to configure the pam_ldap module or some other 
method of keeping user accounts, more specifically the uid and gid for 
the user, available to the pam_krb5 module during the TGT verification 
process.

Since we do not authenticate users against LDAP, NIS or Samba but have an 
LDAP / AD directory filled with users, uids, gids, home directories 
and default shells, I have added a couple of functions to generate the 
userdata that populates the AD (unix services schema) / LDAP directory 
and hand it off to the TGT verification process.

Not everyone out there has this type of setup, I understand, but for 
those that do require Kerberos authentication and don't wish to run a 
secondary service such as NIS when they already have a good AD / LDAP 
directory filled with user data, this is your module.

I hope this helps some people out and if you find anything wrong with it 
let me know.

http://sourceforge.net/projects/pam-krb5-ldap

-- 
Jason Gerfen

"My girlfriend threatened to
 leave me if I went boarding...
 I will miss her."
 ~ DIATRIBE aka FBITKK



