Does the Fedora DS or RHDS support pass thru authentication via SASL? For example, openldap can use --enable-spasswd at compile time to allow simple binds be accepted at the LDAP level and then authenticated with SASL (saslauthd in this example) to kerberos underneath and accept the bind. I need to have kerberos around for AFS but would like to be able to just use the LDAP directory as a way to authenticate clients that are not kerberized. -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies derek@umiacs.umd.edu
Rich Megginson
2005-Nov-03 14:17 UTC
Re: [Fedora-directory-users] pass thru authentication
We have a PAM pass thru plugin that allows you to pass through the authentication request from FDS to PAM, and then to kerberos or whatever you want. We use this internally to allow LDAP clients that can only do simple BIND to use their Kerberos password. It''s not compiled or enabled by default, but it''s pretty simple to do so. http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/pam_passthru/?root=dirsec Derek T. Yarnell wrote:> Does the Fedora DS or RHDS support pass thru authentication via SASL? > For example, openldap can use --enable-spasswd at compile time to > allow simple binds be accepted at the LDAP level and then > authenticated with SASL (saslauthd in this example) to kerberos > underneath and accept the bind. > > I need to have kerberos around for AFS but would like to be able to > just use the LDAP directory as a way to authenticate clients that are > not kerberized. >