We have a PAM pass thru plugin that allows you to pass through the
authentication request from FDS to PAM, and then to kerberos or whatever
you want. We use this internally to allow LDAP clients that can only do
simple BIND to use their Kerberos password. It's not compiled or
enabled by default, but it's pretty simple to do so.
http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/pam_...
Derek T. Yarnell wrote:
Does the Fedora DS or RHDS support pass thru authentication via
SASL?
For example, openldap can use --enable-spasswd at compile time to
allow simple binds be accepted at the LDAP level and then
authenticated with SASL (saslauthd in this example) to kerberos
underneath and accept the bind.
I need to have kerberos around for AFS but would like to be able to
just use the LDAP directory as a way to authenticate clients that are
not kerberized.