On Dec 5, 2005, at 2:34 pm, Arturo 'Buanzo' Busleiman wrote:
>
> Stroller wrote:
>> to authenticate against the domain controller everytime the user logs
>> on
>> to their email?
>
> You have many approaches, each of them with specific complications:
>
> ...
> 3) PAM_LDAP and use courier with authpam: May probe useful. It
> certainly did a couple of years ago for me.
From <http://www.networkcomputing.com/1305/1305ws12.html> I'm reading
that:
Finally, we need to add users to both the Linux server and the
Windows domain. Here lies an obvious deficiency with this
solution. We have provided an enterprise-scalable authentication
mechanism but not an enterprise-scalable account-management
mechanism.
Is this really the case, please? I had just decided that PAM was the
way to go for me until I read this.
I've never done this, but theoretically you could authenticate against a PDC using Kerberos and then use that Kerberos ticket to connect to any machine in your network using SSH (SSH has builtin support for SSO using Kerberos). I've successfully configured SSO in this way, but authentication was done against an OpenLDAP/Heimdal server. But weren't we talking about IMAP servers?
Best regards
Jose
