On 1/14/2011 13:10, Manuel Rodríguez Hernández wrote:
Hello
I want to configure an application that only supports LDAP
authentication. The challenge I face is that this application should
not use the LDAP database to compare user and password; what I need
is to authenticate against a private solution which uses its own auth
schema. Besides, the only way to pass credentials to this private
solution is using PAM, that is, for example: an HTTP proxy uses a PAM
helper to authenticate, and the PAM config uses a PAM module to pass
user/password to the private solution. So due to the restrictions, I'm
looking to deploy an OpenLDAP server that redirects auth or executes
an external program in order to authenticate against the private
solution, and finally returns the response to the application that
needs the authentication.
So I was looking at the back-perl module to deploy something like
that, but I'm not sure it will work.
Does anybody know anything to solve this deployment?
I will appreciate any clue.
Thanks in advance
RODRIGUEZ Manuel
Tel: +52 (55) 5322-5290
Soporte: +52(55) 5322-5240
Fax: +52 (55) 5322-5252
www.insys-corp.com.mx
I'm pretty certain there's a PAM module in OpenLDAP, however, if I'm
wrong, rlm_python or rlm_perl should both be able to authenticate
against PAM.
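The flow asked about in this thread (an LDAP simple bind whose password check is handed to an external authenticator), as an added example that is not part of the original messages and is not OpenLDAP or back-perl code. The names `handle_bind`, `make_bind` and `fake_pam_verify` are hypothetical, the sample request is constructed, and the verifier is a stand-in for the PAM call.

```python
# Added example: LDAP simple-bind handling delegated to an external verifier.
SUCCESS, AUTH_METHOD_NOT_SUPPORTED, INVALID_CREDENTIALS, UNWILLING = 0, 7, 49, 53

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one BER element with a definite length."""
    n = len(value)
    if n < 0x80:
        header = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        header = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + header + value

def handle_bind(request, verify):
    """Parse a BindRequest, ask verify(dn, password), return (code, BindResponse)."""
    tag, body, _ = read_tlv(request, 0)
    id_tag, msgid, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    if (tag, id_tag, op_tag) != (0x30, 0x02, 0x60):
        raise ValueError("not an LDAP BindRequest")
    _, _version, pos = read_tlv(op, 0)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, password, _ = read_tlv(op, pos)
    if auth_tag != 0x80:                   # only simple binds carry a password to forward
        code = AUTH_METHOD_NOT_SUPPORTED
    elif not dn or not password:           # anonymous/unauthenticated bind: never forward
        code = UNWILLING
    else:
        ok = verify(dn.decode("utf-8"), password.decode("utf-8"))
        code = SUCCESS if ok else INVALID_CREDENTIALS
    result = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, b"")
    return code, tlv(0x30, tlv(0x02, msgid) + tlv(0x61, result))

def fake_pam_verify(dn, password):
    """Constructed stand-in for the PAM call; a real deployment would invoke PAM here."""
    return (dn, password) == ("uid=alice,dc=example,dc=com", "s3cret")

def make_bind(dn, password, auth_tag=0x80):
    """Build a constructed sample BindRequest (message ID 1, LDAPv3)."""
    op = tlv(0x02, b"\x03") + tlv(0x04, dn) + tlv(auth_tag, password)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, op))
```

A simple bind carries the password in clear text, so the link between the application and a gateway like this needs TLS. Rejecting empty passwords before the verifier is called keeps an unauthenticated bind from being reported as a successful login.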