RE: Reality check on authentication notes


Subject: RE: Reality check on authentication notes
From: Jonathan Newman (jnewman@mudpup.com)
Date: Tue Jul 31 2001 - 12:47:27 EDT


Harald Wagener wrote:
> Chris Herrmann wrote:
> >
> > Hi all,
> >
> > I've included most of Thomas' notes in the url below. There's a question
> > still about how authentication works/doesn't work if pam passes
> > authentication off to an ldap server etc. Anyone got any
> experience here?
>
> It can be done. You have to configure pam to use the ldap auth module for
> netatalk,
> and use uams_cleartext.so as uam, since pam passes the password
> to the ldap server
> and needs it in clear text for this.

We use DHX with PAM. If netatalk is built with pam support and DHX support
you should end up with a symlink from uams_dhx_pam.so to uams_dhx.so.

This should allow dhx authentication through your ldap server (assuming you
configure the PAM settings correctly), without the need for cleartext
passwords.

Jon



This archive was generated by hypermail 2b28 : Sun Oct 14 2001 - 03:04:47 EDT