[CentOS] vectoring IRC / Jabber logins to AD?
Matt Shields
mattboston at gmail.com
Tue Apr 22 16:36:51 UTC 2008
On Tue, Apr 22, 2008 at 11:56 AM, Craig White <craig at tobyhouse.com> wrote:
>
> On Mon, 2008-04-21 at 21:34 -0500, Les Mikesell wrote:
> > Matt Hyclak wrote:
> > > On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
> > >> Excuse my ignorance (I just got crap on the #centos IRC channel for this
> > >> question), but is there a (easy!) way to have and IRC and/or Jabber server
> > >> relay a login to a Microsoft Active Directory server for authentication?
> > >> If there's a better question to ask this question, please point me in that
> > >> direction, and I'll be happy to do so
> > >>
> > >
> > > Well, you probably want to ask in a support channel for your IRC and jabber
> > > server software, and/or some sort of Microsoft channel.
> > >
> > > The way you've posed the question, it has nothing to do with CentOS, so I am
> > > unsurprised you got crap for it on IRC.
> >
> > I thought one of the big deals in Centos was the ability to configure
> > PAM to authenticate anywhere you want and all the apps use the same
> > settings? Isn't that true, or aren't there any jabber/IRC servers that
> > are bundled properly into the distribution?
> >
> > This sounds very much like a distro-centric question to me, even if the
> > answer turns out to be that Centos doesn't provide that.
> ----
> actually no.
>
> I am currently using ejabberd and it is not common to authenticate
> 'real' users but certain possible. The methodology of authenticating
> 'real' users would entirely depend upon the jabber server software which
> varies widely from perl to java to erlang.
>
> The point of authenticating against LDAP is rarely do you only want
> user/id authentication but you also want address books/user lists and
> other attributes that can be useful such as e-mail address.
>
> In addition, jabber servers do have to store attributes about users so
> there's little to be served by marrying PAM functions in.
>
> What you should have noticed here Les, is that Windows AD users are
> mostly clueless to how LDAP works and integrating Windows AD/LDAP into
> other software is a challenge for them.
>
> Craig
>
Why not just install OpenFire which has the AD <-> Jabber
authentication stuff built right in?
--
-matt
More information about the CentOS
mailing list