Re: Reality check on authentication notes


Subject: Re: Reality check on authentication notes
From: Jeff (jeff@univrel.pr.uconn.edu)
Date: Tue Jul 31 2001 - 09:12:08 EDT


Chris Herrmann wrote:
>
> Hi all,
>
> I've included most of Thomas' notes in the url below. There's a question
> still about how authentication works/doesn't work if pam passes
> authentication off to an ldap server etc. Anyone got any experience here?
>
> <snip>
> >
> > http://gemini.faredge.com.au/netatalk/authentication.html
> >
> Well, there is an open issue: integrating authentication against external
> services like ldap, smb, etc. as Harald wrote.
>
> | am 30.07.2001 11:45 Uhr schrieb Harald Wagener:
> |
> | > But You cannot use DHX if authentication is passed to some external
> | > mechanism by PAM. And if You put uams_dhx.o in the list of allowable
> | > methods, the chooser (appleshare client) will choose that of itīs own,
> | > and authentication against the ldap server won't work anymore.
> | > Or am I wrong here?
>
> I don't have any spare time to check this out. Maybe somebody asks this on
> the Netatalk-devel lists whether there is a way to combine the pam uam with
> dhx authentication. This would improve things much.

You just have to use the DHX PAM module, then set up your PAM file for
netatalk to authenticate off of whatever you want.

Also, you have to compile the 1.5pre series with --enable-pam to allow
PAM to work with cleartext and DHX.

Jeff



This archive was generated by hypermail 2b28 : Sun Oct 14 2001 - 03:04:47 EDT