[CentOS] vectoring IRC / Jabber logins to AD?

Tue Apr 22 18:00:36 UTC 2008
Les Mikesell <lesmikesell at gmail.com>

Craig White wrote:
>>> The way you've posed the question, it has nothing to do with CentOS, so I am
>>> unsurprised you got crap for it on IRC.
>> I thought one of the big deals in CentOS was the ability to configure 
>> PAM to authenticate anywhere you want and all the apps use the same 
>> settings?  Isn't that true, or aren't there any jabber/IRC servers that 
>> are bundled properly into the distribution?
>> This sounds very much like a distro-centric question to me, even if the 
>> answer turns out to be that CentOS doesn't provide that.
> ----
> actually no.
> I am currently using ejabberd and it is not common to authenticate
> 'real' users but certainly possible.

Are you speaking for places that actually have all of their users in AD 
when you say it is not common to authenticate real users?

> The point of authenticating against LDAP is rarely do you only want
> user/id authentication but you also want address books/user lists and
> other attributes that can be useful such as e-mail address.

But those may or may not be the same ones you'd find in AD.

> In addition, jabber servers do have to store attributes about users so
> there's little to be served by marrying PAM functions in.

I'd settle for not having yet another password.

> What you should have noticed here Les, is that Windows AD users are
> mostly clueless to how LDAP works and integrating Windows AD/LDAP into
> other software is a challenge for them.

Which is why you'd want to set up PAM once, not 
login/ssh/imap/pop/http/smtp/samba and all those other applications that 
want a password.  Especially when you want to be able to add local 
accounts in addition to using a network authentication mechanism.

   Les Mikesell
    lesmikesell at gmail.com