[389-users] PAM PTA partially working
Rich Megginson
rmeggins at redhat.com
Wed Sep 23 15:47:16 UTC 2009
Prashanth Sundaram wrote:
>
> Andrey,
>
> Thanks for the info. It worked for me. :) Just another question, I
> want to secure the communication with AD secure. I read that AD is not
> SSL compatible and supports startTLS.
AD is TLS/SSL compatible and it supports startTLS. Winsync supports
both LDAPS and LDAP with startTLS.
> What security mechanism have you used in your systems with AD?
>
> http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&redirect=no
> <http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&redirect=no>
>
>
> Hi,
>
> You should not verify the users locally (there is a "no_user_check" to
> add). The authoritative source of validation should be AD/Kerberos.
> Here is the config that works for us :
>
> auth sufficient /lib/security/pam_krb5.so no_user_check
> account required /lib/security/pam_krb5.so no_user_check
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090923/ff54fa64/attachment.bin>
More information about the 389-users
mailing list