[CentOS] vectoring IRC / Jabber logins to AD?

Tue Apr 22 18:22:26 UTC 2008
Craig White <craig at tobyhouse.com>

On Tue, 2008-04-22 at 13:00 -0500, Les Mikesell wrote:
> Craig White wrote:
> > >
> >>> The way you've posed the question, it has nothing to do with CentOS, so I am
> >>> unsurprised you got crap for it on IRC.
> >> I thought one of the big deals in Centos was the ability to configure 
> >> PAM to authenticate anywhere you want and all the apps use the same 
> >> settings?  Isn't that true, or aren't there any jabber/IRC servers that 
> >> are bundled properly into the distribution?
> >>
> >> This sounds very much like a distro-centric question to me, even if the 
> >> answer turns out to be that Centos doesn't provide that.
> > ----
> > actually no.
> > 
> > I am currently using ejabberd and it is not common to authenticate
> > 'real' users but certainly possible.
> Are you speaking for places that actually have all of their users in AD 
> when you say it is not common to authenticate real users?

I'm talking about jabber implementations. I get the impression from the
couple I have set up that the authors don't consider authenticating
'system users' aka 'real users' as their primary usage.

> > The point of authenticating against LDAP is rarely do you only want
> > user/id authentication but you also want address books/user lists and
> > other attributes that can be useful such as e-mail address.
> But those may or may not be the same ones you'd find in AD.

Any reasonable LDAP implementation allows you to define the DN (or DNs)
to be used for various purposes.

> > In addition, jabber servers do have to store attributes about users so
> > there's little to be served by marrying PAM functions in.
> I'd settle for not having yet another password.

Sure - makes sense - how many different jabber servers are you running?

> > What you should have noticed here Les, is that Windows AD users are
> > mostly clueless to how LDAP works and integrating Windows AD/LDAP into
> > other software is a challenge for them.
> Which is why you'd want to set up PAM once, not 
> login/ssh/imap/pop/http/smtp/samba and all those other applications that 
> want a password.  Especially when you want to be able to add local 
> accounts in addition to using a network authentication mechanism.

Sure - makes sense - how many different jabber servers are you running?

You are simply looking through a lens that says corporate users,
corporate login accounts, etc. That's fine but I get the distinct
impression that it is hardly the typical setup.