[Date Prev][Date Next]
Re: Using Radius for authentication...
On Tuesday, 22. January 2002 11:49, Nigel Kersten wrote:
> > it really depends on what you are doing and what you want to achive. If
> > you want to authenticate OpenLDAP access you could enable the
> > (unencrypted) SASL PLAIN mechanism (look for sasl_secprops in slapd.conf
> > and the SASL documentation) and use a RADIUS-PAM-Module for
> > SASL-Authentication.
> > If you are currently using a combination of nss_ldap and pam_ldap for
> > managing UNIX machines you could replace the authentication part (mainly
> > pam_ldap) by a RADIUS PAM module and leave the rest as it is (the
> > passwords are not in your directory but in the RADIUS) You will need a
> > mechanism to keep the UIDs in sync and you may want above method to
> > provide access to your directory.
> I'm running OpenLDAP 2.0.21, and it is currently holding user accounts,
> without using any pam modules or anything, on a Mac OS X Server box. MOSXS
> can look for user info in a directory service like OpenLDAP. (this is not a
> production system as yet, I'm looking for a workable solution...) The
> passwords are currently stored as SSHA hashes.
Well, you should better ask the questions on a Mac OS X specific forum
because what you actually want to know is how to authenticate Mac OS X
To keep in topic... :-) If you absolutely want to keep the LDAP-Interface and
the RADIUS server is able to provide all necessary information, you could
write your own back-radius for slapd...
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux Solutions AG Phone: 06196 50951 31
Mergenthalerallee 45-47 Fax: 06196 409607