6 Nov
2018
6 Nov
'18
1:59 p.m.
On Nov 5, 2018, at 11:58 PM, Grant Taylor via TUHS
<tuhs(a)minnie.tuhs.org> wrote:
On 11/05/2018 02:43 PM, Ben Greenfield via TUHS wrote:
Yes, pam when I was trying to figure out how to put it altogether PAM was always working
in the background but I believe it was the SASL configs that pointed to my Open Directory
server that centralized our Linux accounts. So as strange as it may seem to some there
have be instances were OS X served Linux clients:)
I found that I had to do all of this using SASL.
At first read I was thinking "SASL? Really?". Then I remembered that Simple
Authentication and Security Layer is really just an abstraction layer. An abstraction
layer that very easily could have (but I don't know one way or the other) a back end
to Kerberos.
I remember it as SASL would handle the
kerberization during boot up getting tickets for each LDAP entry that you wanted mapped to
a service on that client.
Hum.
I could be wrong but I think SASL seems to be way
connect services on Linux with LDAP that are served kerberized.
I've always viewed SASL as a way for applications to outsource the authentication /
security so that the program code didn't need to worry about it. It also allowed
SASL to manage supporting all the different back end security methods.
I also think much the same about PAM. - In fact, I don't think I could properly
differentiate between PAM and SASL.
--
Grant. . . .
unix || die