On Fri, 11 Dec 2009, Chris Reisor wrote:

You should have a look at this project:

http://www.pgina.org/

Unfortunately the developer stopped maintaining it about a year ago and nobody has stepped up to take over.

David Lang

I've used it to authenticate users to Windows (non-AD) + eDirectory
for lab machines at a college where the college had LDAP accounts for
all users.  This was 3 or so years ago.

Think of it as PAM for Windows.  The Windows auth libraries are called
"GINAs."  The native one is msgina.dll.  Some other products insert
their GINAs before this one, in a chain.  For example, PCAnywhere has
its own GINA, Novell client has its own GINA, etc.  I'm sure there
are other examples.

At each point in the chain, if the authentication succeeds, it moves
on to the next link in the chain until you are finally authenticated.
pGina is an Open Source GINA which has a plugin API so that you can
use it to authenticate against various databases like LDAP, NIS, etc.
There are some interesting ones out there (including one that
authenticates you against your Slashdot account).  And, of course, you
can write your own.

In our case, we set it up to authenticate users against the university
LDAP, and if that succeeded, we had registry keys that automatically
logged the user in as a generic account for that individual lab
computer.  I had actually written a little script to log usage to a
MySQL db, but it looks like somebody has contributed a plugin to do
this.

On Fri, Dec 11, 2009 at 7:19 AM, Adam Tauno Williams
<[email protected]> wrote:
> > AD is solid, scalable, and well supported. There *are* some gotchas if
> > you are looking for 100% LDAP compatibility, but for authc/authz (login,
> > groups, etc.) nothing else performs quite as well. (I do hope that Open
> > LDAP catches up!)
> What is the advantage of going ldap against AD vs. using kerberos ?
OpenLDAP/kerberos  works swimmingly on Linux and Mac, and has
cheap failover options;  I've not gotten a non-AD LDAP/kerberos
type system working to auth windows clients, so I guess the advantage
of AD is that you can use it on windows clients as well as Linux
clients.

Yep, if you have Windows, and want a domain, you need AD.  Windows does
not support Kerberos or LDAP [not in any real-world usable way].

--
OpenGroupware developer: [email protected]
<http://whitemiceconsulting.blogspot.com/>
OpenGroupware & Cyrus IMAPd documentation @
<http://docs.opengroupware.org/Members/whitemice/wmogag/file_view>

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/

