[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP delegates authentication to PAM

On 1/14/2011 13:10, Manuel Rodríguez Hernández wrote:
OpenLDAP delegates authentication to PAM


I want to configure an application that only supports LDAP authentication, the challenge I face is that this application should not use the LDAP database to compare user and password, what I need, is to authenticate against a private solution which use its own auth schema, besides the only way to pass credentials to this private solution is using PAM, that is for example: an http proxy use a PAM helper to authenticate, and the PAM config use a PAM module to pass user/password to the private solution. So due to the restrictions, I'm looking to deploy an OpenLDAP server that redirects auth or executes an external program in order to authenticate against the private solution, and finally returns the response to the application that needs the authentication.

So I was looking to the back-perl module to deploy something like that, but I'm not sure it will work.

Does anybody know anything to solve this deployment?

I will appreciate any clue.

Thanks in advance


 Tel: +52 (55) 5322-5290
 Soporte: +52(55) 5322-5240
 Fax: +52 (55) 5322-5252

"Ce message est confidentiel. Si vous n'êtes pas le destinataire de ce message, nous vous prions de le notifier au destinataire voie un courrier électronique et de l'effacer avec toutes ces pièces jointes de son ordinateur, sans sauvegarder un copie. Vous ne devez pas le copier, l'utiliser, le répliquer, par aucun propos et même plus diffuser son contenu à personne. Merci d'avance."
"Este mensaje es confidencial. Si usted no es el destinatario de este mensaje, le suplicamos se lo notifique al remitente mediante un correo electrónico y que borre el presente mensaje y sus anexos de su computadora sin retener copia de los mismos. Por lo que no debe copiar este mensaje, usarlo, transmitir para cualquier propósito ni tampoco divulgar su contenido. Muchas gracias."
"This e-mail is confidential and may also be privileged. If you are not the intended recipient please immediately advise the sender by reply e-mail and delete this message and its attachments from your computer without retaining a copy. You should not copy it, use it, transfer it, for any purpose, nor disclose its contents to any other person. Thank you."

I'm pretty certain there's a pam module in openldap, however, if I'm wrong, rlm_python or rlm_perl should both be able to authenticate against pam.