
Re: ldap users auth to ldap ;)



On Tue, 15 Sep 1998, Jared Mauch wrote:

> On Tue, Sep 15, 1998 at 05:21:52PM -0700, Michael Thomas Cope wrote:
> > On Tue, 15 Sep 1998, Jared Mauch wrote:
> > 
> > > 
> > > 	Anyone doing this?
> > > 
> > > 	What i am ideally trying to do is the following:
> > > 
> > > 	for a cn=Luser
> > > 
> > > 	they have cryptpw=XXXX
> > > 
> > > 	and to bind they need to auth to that pw.
> > > 
> > > 	(Yeah, i'm trying to avoid digging too far into source)
> > > 
> > > 	- jared
> > For just crypted passwords you should be fine with the appropriate
> > defines in the Makefile.
> 
> 	hrm.. i'll have to hunt some more.
> 
> > What I am more interested in is an authentication backend for LDAP, perhaps
> > PAM that would allow pluggable authentication schemes.  I hacked up our
> > source to RADIUS as a backend but it's not a good solution long-term.
> 
> 	to backend radius->ldap for user auth?
> 
> 	or are you talking about radius->pam?
> 
> 	(Just trying to clarify, because i'm looking at doing
> radius->ldap as my next step late this week/next week).
Actually it's ldap -> radius authentication.  It may seem a little
backwards but we aren't ready to store passwords on LDAP yet (it would
just make one more password to change without a NISish setup) so we use
RADIUS servers in simple authentication mode on the three boxes that
between them have accounts for all users.  This way we can let people
modify LDAP attributes with their UNIX or VMS password and start pointing
other services, so far only Apache authentication, at LDAP.
	What I would like is to have LDAP authentication pointing at PAM
so that other backends do not have to be compiled in.
-Mike 

-- 
Michael Cope: Harvey Mudd College '00; Armand Hammer UWC '96
E-mail: Michael_Cope@hmc.edu