Subject: Re: Reality check on authentication notes
From: Harald Wagener (hwagener@fcb-wilkens.com)
Date: Tue Jul 31 2001 - 05:02:56 EDT
Chris Herrmann wrote:
>
> Hi all,
>
> I've included most of Thomas' notes in the url below. There's a question
> still about how authentication works/doesn't work if pam passes
> authentication off to an ldap server etc. Anyone got any experience here?
It can be done. You have to configure pam to use the ldap auth module for netatalk, and use uams_cleartext.so as uam, since pam passes the password to the ldap server and needs it in clear text for this.
down side: uams_cleartext.so only works with passwords up to 8 characters long
up side: it also supports groups defined in the ldap directory, i.e. you don't need to pollute your *nix setup with entries in the group definition file.
By the way: We use netatalk on xfs, and are having only minor problems (see other posting).
This is on RedHat 7.1, with a 2.4.2-XFS kernel, on a dual PIII-800 machine with a redundantly controlled raid array over an Intel eepro gigabit network card.
> <snip>
> >
> > http://gemini.faredge.com.au/netatalk/authentication.html
> >
> Well, there is an open issue: integrating authentication against external
> services like ldap, smb, etc. as Harald wrote.
>
> | On 30.07.2001 at 11:45, Harald Wagener wrote:
> |
> | > But you cannot use DHX if authentication is passed to some external
> | > mechanism by PAM. And if you put uams_dhx.o in the list of allowable
> | > methods, the chooser (appleshare client) will choose that of its own,
> | > and authentication against the ldap server won't work anymore.
> | > Or am I wrong here?
>
> I don't have any spare time to check this out. Maybe somebody asks this on
> the Netatalk-devel lists whether there is a way to combine the pam uam with
> dhx authentication. This would improve things much.
>
> <unsnip>
>
> Cheers,
>
> Chris
-- 
Harald Wagener   | System administrator
FCB/Wilkens GmbH | Tel.:+49-40-2881-1252
An der Alster 42 | Fax.:+49-40-2881-1263
20099 Hamburg    | http://www.fcb-wilkens.com