[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using Radius for authentication...

On Tuesday, 22. January 2002 11:49, Nigel Kersten wrote:

> > it really depends on what you are doing and what you want to achive. If
> > you want to authenticate OpenLDAP access you could enable the
> > (unencrypted) SASL PLAIN mechanism (look for sasl_secprops in slapd.conf
> > and the SASL documentation) and use a RADIUS-PAM-Module for
> > SASL-Authentication.
> >
> > If you are currently using a combination of nss_ldap and pam_ldap for
> > managing UNIX machines you could replace the authentication part (mainly
> > pam_ldap) by a RADIUS PAM module and leave the rest as it is (the
> > passwords are not in your directory but in the RADIUS) You will need a
> > mechanism to keep the UIDs in sync and you may want above method to
> > provide access to your directory.


> I'm running OpenLDAP 2.0.21, and it is currently holding user accounts,
> without using any pam modules or anything, on a Mac OS X Server box. MOSXS
> can look for user info in a directory service like OpenLDAP. (this is not a
> production system as yet, I'm looking for a workable solution...) The
> passwords are currently stored as SSHA hashes.

Well, you should better ask the questions on a Mac OS X specific forum 
because what you actually want to know is how to authenticate Mac OS X 
against RADIUS. 

To keep in topic... :-) If you absolutely want to keep the LDAP-Interface and 
the RADIUS server is able to provide all necessary information, you could 
write your own back-radius for slapd...


Stephan Siano

Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn