Re: [Hampshire] Happy Happy Joy Joy

Author: Vic
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Happy Happy Joy Joy
> Surely it's really only LDAP + Kerberos + custom LDAP schema?
> You can authenticate directly against AD as it stands using only pam_ldap
> and pam_krb5 - no samba requirement at all.


AIUI, the Privilege Attribute Certificate (PAC) screws things up royally.

I'm no expert, but what I've read seems to say that AD blurs the line
between authentication and authorisation - whether this is to try to
squeeze some performance out of it or to frustrate interoperability is a
matter of debate...

Vic.