Excuse my ignorance (I just got crap on the #centos IRC channel for this question), but is there an (easy!) way to have an IRC and/or Jabber server relay a login to a Microsoft Active Directory server for authentication? If there's a better question to ask this question, please point me in that direction, and I'll be happy to do so.
Thanks
On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
Excuse my ignorance (I just got crap on the #centos IRC channel for this question), but is there an (easy!) way to have an IRC and/or Jabber server relay a login to a Microsoft Active Directory server for authentication? If there's a better question to ask this question, please point me in that direction, and I'll be happy to do so.
Well, you probably want to ask in a support channel for your IRC and jabber server software, and/or some sort of Microsoft channel.
The way you've posed the question, it has nothing to do with CentOS, so I am unsurprised you got crap for it on IRC.
Matt
Matt Hyclak wrote:
On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
Excuse my ignorance (I just got crap on the #centos IRC channel for this question), but is there an (easy!) way to have an IRC and/or Jabber server relay a login to a Microsoft Active Directory server for authentication? If there's a better question to ask this question, please point me in that direction, and I'll be happy to do so.
Well, you probably want to ask in a support channel for your IRC and jabber server software, and/or some sort of Microsoft channel.
The way you've posed the question, it has nothing to do with CentOS, so I am unsurprised you got crap for it on IRC.
I thought one of the big deals in CentOS was the ability to configure PAM to authenticate anywhere you want and all the apps use the same settings? Isn't that true, or aren't there any jabber/IRC servers that are bundled properly into the distribution?
This sounds very much like a distro-centric question to me, even if the answer turns out to be that CentOS doesn't provide that.
Les Mikesell wrote:
I thought one of the big deals in CentOS was the ability to configure PAM to authenticate anywhere you want and all the apps use the same settings? Isn't that true, or aren't there any jabber/IRC servers that are bundled properly into the distribution?
I know of neither. yum list "*jab*" only shows some perl-Jabber-* packages, yum list "*irc*" gives back ircd-hybrid from the kbs-CentOS-testing repository. So yes, ircd and jabberd aren't really in CentOS.
And I have no idea if ircd-hybrid is able to interface with an already existing user database, as it has its very own ways of managing "users".
This sounds very much like a distro-centric question to me, even if the answer turns out to be that CentOS doesn't provide that.
Done.
Cheers,
Ralph
On Mon, 2008-04-21 at 21:34 -0500, Les Mikesell wrote:
Matt Hyclak wrote:
On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
Excuse my ignorance (I just got crap on the #centos IRC channel for this question), but is there an (easy!) way to have an IRC and/or Jabber server relay a login to a Microsoft Active Directory server for authentication? If there's a better question to ask this question, please point me in that direction, and I'll be happy to do so.
Well, you probably want to ask in a support channel for your IRC and jabber server software, and/or some sort of Microsoft channel.
The way you've posed the question, it has nothing to do with CentOS, so I am unsurprised you got crap for it on IRC.
I thought one of the big deals in CentOS was the ability to configure PAM to authenticate anywhere you want and all the apps use the same settings? Isn't that true, or aren't there any jabber/IRC servers that are bundled properly into the distribution?
This sounds very much like a distro-centric question to me, even if the answer turns out to be that CentOS doesn't provide that.
---- actually no.
I am currently using ejabberd and it is not common to authenticate 'real' users but certainly possible. The methodology of authenticating 'real' users would entirely depend upon the jabber server software which varies widely from perl to java to erlang.
The point of authenticating against LDAP is rarely do you only want user/id authentication but you also want address books/user lists and other attributes that can be useful such as e-mail address.
In addition, jabber servers do have to store attributes about users so there's little to be served by marrying PAM functions in.
What you should have noticed here Les, is that Windows AD users are mostly clueless to how LDAP works and integrating Windows AD/LDAP into other software is a challenge for them.
Craig
On Tue, Apr 22, 2008 at 11:56 AM, Craig White craig@tobyhouse.com wrote:
On Mon, 2008-04-21 at 21:34 -0500, Les Mikesell wrote:
Matt Hyclak wrote:
On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
Excuse my ignorance (I just got crap on the #centos IRC channel for this question), but is there an (easy!) way to have an IRC and/or Jabber server relay a login to a Microsoft Active Directory server for authentication? If there's a better question to ask this question, please point me in that direction, and I'll be happy to do so.
Well, you probably want to ask in a support channel for your IRC and jabber server software, and/or some sort of Microsoft channel.
The way you've posed the question, it has nothing to do with CentOS, so I am unsurprised you got crap for it on IRC.
I thought one of the big deals in CentOS was the ability to configure PAM to authenticate anywhere you want and all the apps use the same settings? Isn't that true, or aren't there any jabber/IRC servers that are bundled properly into the distribution?
This sounds very much like a distro-centric question to me, even if the answer turns out to be that CentOS doesn't provide that.
actually no.
I am currently using ejabberd and it is not common to authenticate 'real' users but certainly possible. The methodology of authenticating 'real' users would entirely depend upon the jabber server software which varies widely from perl to java to erlang.
The point of authenticating against LDAP is rarely do you only want user/id authentication but you also want address books/user lists and other attributes that can be useful such as e-mail address.
In addition, jabber servers do have to store attributes about users so there's little to be served by marrying PAM functions in.
What you should have noticed here Les, is that Windows AD users are mostly clueless to how LDAP works and integrating Windows AD/LDAP into other software is a challenge for them.
Craig
Why not just install OpenFire which has the AD <-> Jabber authentication stuff built right in?
On Tue, 2008-04-22 at 12:36 -0400, Matt Shields wrote:
On Tue, Apr 22, 2008 at 11:56 AM, Craig White craig@tobyhouse.com wrote:
On Mon, 2008-04-21 at 21:34 -0500, Les Mikesell wrote:
Matt Hyclak wrote:
On Mon, Apr 21, 2008 at 06:39:45PM -0700, Rogelio enlightened us:
Excuse my ignorance (I just got crap on the #centos IRC channel for this question), but is there an (easy!) way to have an IRC and/or Jabber server relay a login to a Microsoft Active Directory server for authentication? If there's a better question to ask this question, please point me in that direction, and I'll be happy to do so.
Well, you probably want to ask in a support channel for your IRC and jabber server software, and/or some sort of Microsoft channel.
The way you've posed the question, it has nothing to do with CentOS, so I am unsurprised you got crap for it on IRC.
I thought one of the big deals in CentOS was the ability to configure PAM to authenticate anywhere you want and all the apps use the same settings? Isn't that true, or aren't there any jabber/IRC servers that are bundled properly into the distribution?
This sounds very much like a distro-centric question to me, even if the answer turns out to be that CentOS doesn't provide that.
actually no.
I am currently using ejabberd and it is not common to authenticate 'real' users but certainly possible. The methodology of authenticating 'real' users would entirely depend upon the jabber server software which varies widely from perl to java to erlang.
The point of authenticating against LDAP is rarely do you only want user/id authentication but you also want address books/user lists and other attributes that can be useful such as e-mail address.
In addition, jabber servers do have to store attributes about users so there's little to be served by marrying PAM functions in.
What you should have noticed here Les, is that Windows AD users are mostly clueless to how LDAP works and integrating Windows AD/LDAP into other software is a challenge for them.
Craig
Why not just install OpenFire which has the AD <-> Jabber authentication stuff built right in?
---- I'm actually planning to re-do one of my servers which is providing jabber and I will test out OpenFire...
Ejabberd works pretty well all things considered and was fairly trivial to integrate into my OpenLDAP setup not only for authentication but to build 'lists' of people automatically and to pick other LDAP attributes.
Craig
Craig White wrote:
The way you've posed the question, it has nothing to do with CentOS, so I am unsurprised you got crap for it on IRC.
I thought one of the big deals in CentOS was the ability to configure PAM to authenticate anywhere you want and all the apps use the same settings? Isn't that true, or aren't there any jabber/IRC servers that are bundled properly into the distribution?
This sounds very much like a distro-centric question to me, even if the answer turns out to be that CentOS doesn't provide that.
actually no.
I am currently using ejabberd and it is not common to authenticate 'real' users but certainly possible.
Are you speaking for places that actually have all of their users in AD when you say it is not common to authenticate real users?
The point of authenticating against LDAP is rarely do you only want user/id authentication but you also want address books/user lists and other attributes that can be useful such as e-mail address.
But those may or may not be the same ones you'd find in AD.
In addition, jabber servers do have to store attributes about users so there's little to be served by marrying PAM functions in.
I'd settle for not having yet another password.
What you should have noticed here Les, is that Windows AD users are mostly clueless to how LDAP works and integrating Windows AD/LDAP into other software is a challenge for them.
Which is why you'd want to set up PAM once, not login/ssh/imap/pop/http/smtp/samba and all those other applications that want a password. Especially when you want to be able to add local accounts in addition to using a network authentication mechanism.
On Tue, 2008-04-22 at 13:00 -0500, Les Mikesell wrote:
Craig White wrote:
The way you've posed the question, it has nothing to do with CentOS, so I am unsurprised you got crap for it on IRC.
I thought one of the big deals in CentOS was the ability to configure PAM to authenticate anywhere you want and all the apps use the same settings? Isn't that true, or aren't there any jabber/IRC servers that are bundled properly into the distribution?
This sounds very much like a distro-centric question to me, even if the answer turns out to be that CentOS doesn't provide that.
actually no.
I am currently using ejabberd and it is not common to authenticate 'real' users but certainly possible.
Are you speaking for places that actually have all of their users in AD when you say it is not common to authenticate real users?
---- I'm talking about jabber implementations. I get the impression from the couple I have set up that the authors don't consider authenticating 'system users' aka 'real users' as their primary usage ----
The point of authenticating against LDAP is rarely do you only want user/id authentication but you also want address books/user lists and other attributes that can be useful such as e-mail address.
But those may or may not be the same ones you'd find in AD.
---- any reasonable LDAP implementation allows you to define the DN (or DN's) to be used for various purposes ----
In addition, jabber servers do have to store attributes about users so there's little to be served by marrying PAM functions in.
I'd settle for not having yet another password.
---- sure - makes sense - how many different jabber servers are you running? ----
What you should have noticed here Les, is that Windows AD users are mostly clueless to how LDAP works and integrating Windows AD/LDAP into other software is a challenge for them.
Which is why you'd want to set up PAM once, not login/ssh/imap/pop/http/smtp/samba and all those other applications that want a password. Especially when you want to be able to add local accounts in addition to using a network authentication mechanism.
---- sure - makes sense - how many different jabber servers are you running?
You are simply looking through a lens that says corporate users, corporate login accounts, etc. That's fine but I get the distinct impression that it is hardly the typical setup.
Craig
Craig White wrote:
The point of authenticating against LDAP is rarely do you only want user/id authentication but you also want address books/user lists and other attributes that can be useful such as e-mail address.
But those may or may not be the same ones you'd find in AD.
any reasonable LDAP implementation allows you to define the DN (or DN's) to be used for various purposes
But the people managing AD may have no interest in supporting other applications.
In addition, jabber servers do have to store attributes about users so there's little to be served by marrying PAM functions in.
I'd settle for not having yet another password.
sure - makes sense - how many different jabber servers are you running?
A couple, currently used by small sets of people but it's likely to expand (the people, not necessarily the servers). I want to set up at least one of them with OpenNMS spewing its notifications into a multiuser chat room that the network operators can join.
What you should have noticed here Les, is that Windows AD users are mostly clueless to how LDAP works and integrating Windows AD/LDAP into other software is a challenge for them.
Which is why you'd want to set up PAM once, not login/ssh/imap/pop/http/smtp/samba and all those other applications that want a password. Especially when you want to be able to add local accounts in addition to using a network authentication mechanism.
sure - makes sense - how many different jabber servers are you running?
You are simply looking through a lens that says corporate users, corporate login accounts, etc. That's fine but I get the distinct impression that it is hardly the typical setup.
When someone mentions AD, I'd assume corporate users, existing logins, existing passwords and password change policy - and probably some MS-centric people managing it who may not want to help glue on some open-source parts.
On Mon, Apr 21, 2008 at 9:39 PM, Rogelio scubacuda@gmail.com wrote:
Excuse my ignorance (I just got crap on the #centos IRC channel for this question), but is there an (easy!) way to have an IRC and/or Jabber server relay a login to a Microsoft Active Directory server for authentication?
If there's a better question to ask this question, please point me in that direction, and I'll be happy to do so.
Since Active Directory is mostly LDAP, you can vary your search by looking for LDAP-based authentication for Jabber.
This will point you to http://www.onlamp.com/pub/a/onlamp/2005/10/06/jabberd.html?page=1
You might also have a look at the ejabberd website and check there for LDAP/AD authentication info. See http://www.ejabberd.im/forum/7
The #centos channel is mostly for supporting the software shipped by CentOS, and/or installation problems. Questions of your sort will have a varied response based on channel mood, which is a bit bipolar to say the least.
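
An added example, not part of any message in this thread: relaying a chat login to AD over LDAP is commonly done as "search for the user entry, then simple-bind as that entry with the supplied password". The sketch below shows the input handling a relay needs before it touches the directory. The function names, the username policy and the `jdoe` account are assumptions made for illustration.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                   "\x00": r"\00"}

# Assumed local policy for chat login names (not an AD rule).
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str) -> str:
    """Filter intended to match one AD user entry by sAMAccountName."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(username)


def plan_login(username: str, password: str) -> dict:
    """Decide whether a login may be relayed, and with which search filter.

    The caller would search with the returned filter using a service
    account, then attempt a simple bind as the DN found, using the
    password the chat client supplied.
    """
    if not _USERNAME_RE.fullmatch(username):
        return {"relay": False, "reason": "username rejected by local policy"}
    if password == "":
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513); some servers answer it with
        # success, so it must never be treated as a valid login.
        return {"relay": False, "reason": "empty password"}
    return {"relay": True, "filter": build_user_filter(username)}


if __name__ == "__main__":
    # Constructed sample inputs.
    for user, pw in [("jdoe", "s3cret"), ("jdoe", ""), ("*)(uid=*", "x")]:
        print(repr(user), plan_login(user, pw))
```

The escaping function is kept separate from the policy check so the filter stays well-formed even if the username policy is later relaxed.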