Mailing List CGatePro@mail.stalker.com Message #92731
From: Graeme Fowler <G.E.Fowler@lboro.ac.uk>
Subject: Re: Passwords
Date: Tue, 25 Sep 2007 17:35:06 +0100
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Evolution 2.10.3 (2.10.3-4.fc7)
On Tue, 2007-09-25 at 16:44 +0100, Martin.Hepworth wrote:
> http://lists.communigate.com/Lists/CGatePro/Message/91168.html
> and other things in archive about handling AD/Kerberos authentication well.

Bearing in mind that Darren has been chewing his own legs off in the
past over the local inability (not his, but local nonetheless) to get
full client/server Kerberos to work, might I suggest that:

1. If you (Darren) are running CGP on Linux, then you can use the PAM
module pam_krb5 to authenticate against your Active Directory for you
via an external authenticator. This is what we do for Webmail.

2. If you (Darren) are running CGP on Windows, then run it on a domain
controller or promote your CGP server to be a domain controller and then
authenticate against the local system.

Alternatively, use the method John Rudd just posted.

Our external authenticator does something similar to that simply so we
have a copy of up-to-date passwords kept within CGP itself - this way we
can make use of challenge/response or SASL methods such as those used by
SIP, XIMSS et al.

Graeme

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster