[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: gssapi, sasl, pam interaction

* Andreas (andreas@conectiva.com.br) wrote:
> On Fri, Sep 26, 2003 at 01:19:45PM +0100, Adrian Worthington wrote:
> > |> > 	  what i can't figure out is how to hold directory information
> > |> > in the ldap server, the password in kerberos and setup pam_ldap to use
> (..)
> > |> That's not the idea.
> > 
> > now i'm stumped again, i see that you (symas) provide kerberos and ldap
> The idea in your case is to use kerberos for authentication (pam_krb5) and
> ldap for authorization (nss_ldap). You won't be using pam_ldap, since you
> don't even use the userPassword attribute.

It's possible you'd want to use pam_ldap for (authorization), perhaps on a 
per-service basis (allow for POP3 but not for ssh, for example).  Or if
you want to have all UIDs available but only allow access for certain
people (NFS server or other reasons).


Attachment: pgpXn10jx3Cwq.pgp
Description: PGP signature