[TriLUG] PAM question(s)

David McDowell turnpike420 at gmail.com
Mon Nov 6 15:44:54 EST 2006


New bit of information of interest to this thread, sorta, quoted from my $boss:

"Windows 2003 Server R2 has a new feature called "Identity Management
for UNIX," which includes an Active Directory-integrated NIS service.
All Red Hat boxes are preconfigured with the ability to authenticate
to NIS, and with minor tweaking, you can get them to auto-create home
directories the first time a valid NIS user logs in (similar to how
Windows XP boxes create user profiles). R2 also includes an NFS server
and client, and a POSIX-compatible operating environment (like
Cygwin). I wonder if you can install gcc on 2003 R2 and compile and
run bash?"

That might open some doors for alternatives.  I haven't tried this...


On 11/2/06, David McDowell <turnpike420 at gmail.com> wrote:
> Is this what you want?
>
> http://www.turnpike420.net/linux/Apache_ADS_AuthLDAP.txt
>
> David
>
>
>
> On 11/2/06, Paul G. Szabady <Paul at thyservice.com> wrote:
> > Greetings,
> >
> > Is it at all possible to authenticate users via http/.htaccess using their
> > Windows AD (native mode) domain accounts without a local user account?  I
> > have made the following changes and it works fine if there's a local user
> > account.  I'm trying to stay away from winbind and don't control our AD
> > forest, so I'm not sure we can get ldap extensions in the AD.
> >
> > If this is not possible with the means I've mentioned, can anyone suggest
> > any alternatives they've used or seen in use?
> >
> > This would mainly be on RHEL3 & RHEL4 boxes, although I have two sun
> > servers that I need to do something with as well.
> >
> > In the /etc/httpd/conf/httpd.conf file I added:
> > AuthPAM_FallThrough on
> > AuthPAM_Enabled on
> >
> > In the /etc/pam.d/ config files I changed httpd and system-auth to:
> >
> > [root@server pam.d]# cat httpd
> > #%PAM-1.0
> > auth required /lib/security/$ISA/pam_env.so
> > auth sufficient /lib/security/$ISA/pam_krb5.so
> > auth required /lib/security/$ISA/pam_deny.so
> > account required /lib/security/$ISA/pam_krb5.so
> > [root@server pam.d]#
> >
> > [root@server pam.d]# cat system-auth
> > #%PAM-1.0
> > # This file is auto-generated.
> > # User changes will be destroyed the next time authconfig is run.
> > auth        required      /lib/security/$ISA/pam_env.so
> > auth        sufficient    /lib/security/$ISA/pam_krb5.so ccache=/tmp/krb5cc_%u
> > auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> > auth        required      /lib/security/$ISA/pam_deny.so
> >
> > account     required      /lib/security/$ISA/pam_unix.so
> >
> > password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
> > password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> > password    required      /lib/security/$ISA/pam_deny.so
> >
> > session     required      /lib/security/$ISA/pam_limits.so
> > session     required      /lib/security/$ISA/pam_unix.so
> > [root@server pam.d]#
> >
> > Any help would be appreciated!
> >
> > --
> > Paul
> > @ Thy Service


