[rhn-users] pam_ldap authentication against AD

Jon Etkins jetkins at austinlogistics.com
Mon Feb 6 22:30:13 UTC 2006


I don't have an answer to your LDAP question, but have you considered
using Kerberos instead of LDAP?  We have our RedHat boxes authenticating
against our AD domain via Kerberos using a setup based on that described
in the HOW-TO at http://www.ofb.net/~jheiss/krbldap/howto.html - works
like a charm.

Cheers,


Jon Etkins
Network & IT Administrator
Austin Logistics, Incorporated
(512) 651-5641
www.AustinLogistics.com
 


-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
On Behalf Of Tom Hodder
Sent: Monday, February 06, 2006 3:35 PM
To: rhn-users at redhat.com
Subject: [rhn-users] pam_ldap authentication against AD


Hi,

I am using RHEL3 configured to use pam_ldap and Microsoft Active
Directory LDAP as an authentication backend.

It seems that if no password has been set for the AD user, then the user
can log in using any string as a password except a blank password. I
looked at the string stored in the AD LDAP for msSFU30password, and the
value is "ABCD!efgh12345$67890".

So the default behaviour for pam_ldap is to allow any password for these
users, which is not good.

Can I change this behaviour?

Thanks,

Tom