From: Kenn Humborg (kenn at domain bluetree.ie)
Date: Wed 16 Feb 2000 - 13:32:39 GMT
> On Wed, Feb 16, 2000 at 12:58:11PM -0000, Kenn Humborg mentioned:
> > This reminds me... I must take the time to submit my
> > PAM hack to the OpenLDAP people.
> Why, what didn't pam_ldap do for you ?
Other way around. Entries under ou=Personnel, o=Blue
Tree Systems, c=IE have a uid attribute that is set to their
network username and a UsePAMAuth attribute set to True.
Then whenever an LDAP client tries to bind to the
directory as, say, cn=Kenn Humborg, ou=Personnel,
o=Blue Tree Systems, c=IE, my patch checks for the
UsePAMAuth attribute. If this is True, the it fires
up PAM, sets application name to slapd, username to
the uid attribute value and password to the client-supplied
password, and asks PAM to authenticate
PAM then goes and does its thing, as directed by
/etc/pam.d/slapd. In my case, this uses pam_smb to
check the username and password against an NT domain
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:05:26 GMT