[CentOS] vectoring IRC / Jabber logins to AD?

Craig White craig at tobyhouse.com
Tue Apr 22 18:22:26 UTC 2008


On Tue, 2008-04-22 at 13:00 -0500, Les Mikesell wrote:
> Craig White wrote:
> > >
> >>> The way you've posed the question, it has nothing to do with CentOS, so I am
> >>> unsurprised you got crap for it on IRC.
> >> I thought one of the big deals in CentOS was the ability to configure 
> >> PAM to authenticate anywhere you want and all the apps use the same 
> >> settings?  Isn't that true, or aren't there any jabber/IRC servers that 
> >> are bundled properly into the distribution?
> >>
> >> This sounds very much like a distro-centric question to me, even if the 
> >> answer turns out to be that CentOS doesn't provide that.
> > ----
> > actually no.
> > 
> > I am currently using ejabberd and it is not common to authenticate
> > 'real' users but certainly possible.
> 
> Are you speaking for places that actually have all of their users in AD 
> when you say it is not common to authenticate real users?
----
I'm talking about jabber implementations. I get the impression from the
couple I have set up that the authors don't consider authenticating
'system users' aka 'real users' as their primary usage.
----
> 
> > The point of authenticating against LDAP is rarely do you only want
> > user/id authentication but you also want address books/user lists and
> > other attributes that can be useful such as e-mail address.
> 
> But those may or may not be the same ones you'd find in AD.
----
any reasonable LDAP implementation allows you to define the DN (or DNs)
to be used for various purposes.
----
> 
> > In addition, jabber servers do have to store attributes about users so
> > there's little to be served by marrying PAM functions in.
> 
> I'd settle for not having yet another password.
----
sure - makes sense - how many different jabber servers are you running?
----
> 
> > What you should have noticed here Les, is that Windows AD users are
> > mostly clueless to how LDAP works and integrating Windows AD/LDAP into
> > other software is a challenge for them.
> 
> Which is why you'd want to set up PAM once, not 
> login/ssh/imap/pop/http/smtp/samba and all those other applications that 
> want a password.  Especially when you want to be able to add local 
> accounts in addition to using a network authentication mechanism.
----
sure - makes sense - how many different jabber servers are you running?

You are simply looking through a lens that says corporate users,
corporate login accounts, etc. That's fine but I get the distinct
impression that it is hardly the typical setup.

Craig



