[CentOS] Anyone using Active Driectory auth with Centos 5.4.....?

Wed Feb 10 14:11:11 UTC 2010
Dan Burkland <dburklan at NMDP.ORG>

 > -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of JohnS
> Sent: Wednesday, February 10, 2010 1:31 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] Anyone using Active Driectory auth with Centos
> 5.4.....?
> 
> 
> On Tue, 2010-02-09 at 14:21 -0700, Craig White wrote:
> > On Tue, 2010-02-09 at 18:08 +0000, Joseph L. Casale wrote:
> > > >This looks like the way to go, I don't like the username /pass stored
> in plain text but maybe if I create a special group that doesn't really
> have any privileges this would work, geez AD is just plain bad...lol,
> Thanks.
> > >
> > > I guess you think insecure would be better? If I understand your need,
> you want
> > > to make AD insecure, so please enable anonymous binds so you don't
> need a user/pass
> > > to make the query:)
> > >
> > > Or program your own auth backend that binds with the intended creds
> asking for auth:)
> > > Oh, and do this w/o tls/ssl because you want it insecure:)
> > ----
> > seems to me that permitting an anonymous bind to LDAP is inherently more
> > secure than requiring a user/password combination so I don't think that
> > your explanation is exactly true. In Microsoft's view, the only systems
> > querying LDAP would be systems automatically passing the authentication.
> >
> > Craig
> ----
> 
> Yes it is true, you have to have that for it to work correctly.
> 
> John
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

I apologize if this has been mentioned before but one option would be to use Apache's Kerberos module for authentication. See the modules sourceforge page here --> http://modauthkerb.sourceforge.net/configure.html

Regards,

Dan