[CentOS] vectoring IRC / Jabber logins to AD?
Les Mikesell
lesmikesell at gmail.com
Tue Apr 22 18:00:36 UTC 2008
Craig White wrote:
> >
>>> The way you've posed the question, it has nothing to do with CentOS, so I am
>>> unsurprised you got crap for it on IRC.
>> I thought one of the big deals in Centos was the ability to configure
>> PAM to authenticate anywhere you want and all the apps use the same
>> settings? Isn't that true, or aren't there any jabber/IRC servers that
>> are bundled properly into the distribution?
>>
>> This sounds very much like a distro-centric question to me, even if the
>> answer turns out to be that Centos doesn't provide that.
> ----
> actually no.
>
> I am currently using ejabberd and it is not common to authenticate
> 'real' users but certain possible.
Are you speaking for places that actually have all of their users in AD
when you say it is not common authenticate real users?
> The point of authenticating against LDAP is rarely do you only want
> user/id authentication but you also want address books/user lists and
> other attributes that can be useful such as e-mail address.
But those may or may not be the same ones you'd find in AD.
> In addition, jabber servers do have to store attributes about users so
> there's little to be served by marrying PAM functions in.
I'd settle for not having yet another password.
> What you should have noticed here Les, is that Windows AD users are
> mostly clueless to how LDAP works and integrating Windows AD/LDAP into
> other software is a challenge for them.
Which is why you'd want to set up PAM once, not
login/ssh/imap/pop/http/smtp/samba and all those other applications that
want a password. Especially when you want to be able to add local
accounts in addition to using a network authentication mechanism.
--
Les Mikesell
lesmikesell at gmail.com
More information about the CentOS
mailing list