[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: authentication

To: "Trotta, Johathan R." <trottajr@pweh.com>
Subject: RE: authentication
From: Adam Tauno Williams <adam@morrison-ind.com>
Date: Thu, 21 Dec 2000 14:27:28 -0500 (EST)
Cc: openldap-general@OpenLDAP.org
In-reply-to: <CB51E5C04875D411BEB100805FEA01DA66E2BC@ehposrv9.eh.pweh.com>
References: <CB51E5C04875D411BEB100805FEA01DA66E2BC@ehposrv9.eh.pweh.com>
User-agent: IMP/PHP IMAP webmail program 2.2.1

>If you are trying to get NT or winK2 to authenticate using ldap I think
>there are basically two worth while approaches that I know of.
>1 Configure Samba as PDC and use pam_ldap (I believe there are password
>sync issues that require you to do some windows programming.  Basically using
>an available nt/wink2 library function (passwordnotify?) to cause password
>changes in nt/wink2 to bubble up to the ldap)

You cannot use PDC-Samba with PAM due to encrypted password issues.  This is
boldly stated in the docs if you don't believe me.  Password sync between the
Samba password database and the LDAP server is trivial and all on the server
side, however.  No modification of the Windows client is required what-so-ever.
 
>2 Modify the GINA (I think Univ of Mich may have a pam_gina available or
>is at a minimum working on some type of pam_gina)

Last I checked this is not true.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505

References:
- RE: authentication
  - From: "Trotta, Johathan R." <trottajr@pweh.com>

Prev by Date: Re: PADL
Next by Date: Re: PADL
Index(es):
- Chronological
- Thread