[CentOS] authentication loosely tied to active directory?

Fri Jun 5 17:00:35 UTC 2009
Les Mikesell <lesmikesell at gmail.com>

What's the best authentication scheme when you are dealing with an 
active directory that someone else controls?  I've been using pam 
configured for smb and local passwords where a local account is needed 
for real logins (but either the domain or local password will work) and 
web services don't require a local account. That's most of the 
functionality I want and it doesn't take pre-arrangement with the AD 
administrator, but I have to glue mod_auth_pam into httpd and I'm not 
sure how to duplicate it for java web services.

Is there a way to use an LDAP proxy in a similar way so I can add 
accounts of my own but also accept anything from one or more AD's? Or 
some better approach entirely?

-- 
   Les Mikesell
    lesmikesell at gmail.com