> -----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of JohnS Sent: Wednesday, February 10, 2010 1:31 AM To: CentOS mailing list Subject: Re: [CentOS] Anyone using Active Driectory auth with Centos 5.4.....?
On Tue, 2010-02-09 at 14:21 -0700, Craig White wrote:
On Tue, 2010-02-09 at 18:08 +0000, Joseph L. Casale wrote:
This looks like the way to go, I don't like the username /pass stored
in plain text but maybe if I create a special group that doesn't really have any privileges this would work, geez AD is just plain bad...lol, Thanks.
I guess you think insecure would be better? If I understand your need,
you want
to make AD insecure, so please enable anonymous binds so you don't
need a user/pass
to make the query:)
Or program your own auth backend that binds with the intended creds
asking for auth:)
Oh, and do this w/o tls/ssl because you want it insecure:)
seems to me that permitting an anonymous bind to LDAP is inherently more secure than requiring a user/password combination so I don't think that your explanation is exactly true. In Microsoft's view, the only systems querying LDAP would be systems automatically passing the authentication.
Craig
Yes it is true, you have to have that for it to work correctly.
John
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I apologize if this has been mentioned before but one option would be to use Apache's Kerberos module for authentication. See the modules sourceforge page here --> http://modauthkerb.sourceforge.net/configure.html
Regards,
Dan