>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@ubsw.com> writes:
Nicolas> Well, I don't know if you have to authenticate to the
Nicolas> LDAP server in order to even perform the lookups that
Nicolas> pam_ldap will require to implement its authorization
Nicolas> checks. If it does, then you have to keep:
Nicolas> account required pam_ldap.so

hmmm... I was under the impression that this "account" information has
nothing to do with authentication, but the rest of the user's details
that you would normally find under /etc/passwd (uid, real name, shell,
home directory, etc).

Anyway, my system is working fine with Kerberos for authentication and
LDAP for this other information. The only serious problem I have is

Nicolas> You may want to use the use_first_password
Nicolas> option. Password synchronization will be an issue

What module takes the use_first_password option? What does it do?

Nicolas> though. Perhaps you could use SASL to authenticate to the
Nicolas> LDAP server, using a GSS-API SASL plug-in and using the
Nicolas> Kerberos GSS-API mechanism (what a mouthful) to
Nicolas> authenticate to the LDAP server using Kerberos. But then
Nicolas> pam_krb5 and pam_ldap would have to cooperate with each

That's something I have to think about for later. (my openldap server,
from Debian's potato, is currently too old for SASL support).

Brian May <firstname.lastname@example.org>