Re: nss_ldap error
On Mon, 08.12.2003 at 15:09, Adam Denenberg wrote:
> Thanks Tony. The main reason I wanted to avoid pam is b/c pam does not
> seem to support SASL from what I have read and I need the pam libraries
> to force a SASL auth request since my ldap server passes authentication
> to a radius server. Putting radius credentials on each ssh client is
> not feasible which is why I want to go the ldap route.
>
> Any workarounds for that do you see?
I don't know how Radius works, I'm afraid. You're certainly right that
pam_ldap doesn't have any idea of how SASL works - it uses simple binds,
either anonymous then re-authenticating as a user, or using a proxy
user. I suspect you might get better help on the Radius list, if there
is one.
FWIW and thanks to this list, I have SASL digest-md5 proxy authorization
built into my 2.1.25 server config, because I need it for LDAP-based
Postfix smtp SASL auth, using Howard's libldap auxprop library. That way
I pass my slapd SASL on to a third-party utility. Probably won't help
you though, but it's worth mentioning.
--Tonni
--
mail: billy - at - billy.demon.nl
http://billy.demon.nl