Mailing List CGatePro@mail.stalker.com Message #92745
From: Darren Sundborg <d.sundborg@ukintpress.com>
Subject: RE: Passwords
Date: Wed, 26 Sep 2007 16:54:46 +0100
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro MAPI Connector 1.2.9/1.2.10
Hi

I think it is all setup now...

Just a few things:

1) Does the user have to have the same PC logon name & Communigate email
logon name?

2) When users change their Windows AD passwords, Outlook will prompt for
a new password as well?

3) If APPLE MAC users are logging in thourgh AD, is there a way for them
to also change their passwords? Or be prompted? (I suppose that would be
asking for to much!!)


Once again thanking you all...

 
Disclaimer
 
================================================================
This email (which includes any files transmitted with it) is
confidential and may also be legally privileged.
It is intended solely for the use of the individual to whom it is
addressed. Any views or opinions presented are solely those of the
author and do not necessarily represent those of UKIP Media & Events
Ltd.
 
If you are not the intended recipient, be advised that any use,
dissemination, forwarding, printing, or copying of this email is
strictly prohibited. If you have received this message in error, do not
open any attachment but please notify the sender (above) deleting this
message from your system. Please rely on your own anti-virus system, no
responsibility is taken by the sender for any damage rising out of virus
infection.
 
UKIP Media & Events Ltd.
Registered Address: 82 St John Street, London EC1M 4JN VAT No. GB879
4451 71 Registration Number: 5893940 Company registered in England and
Wales
 
 
-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On
Behalf Of Roland Hordos
Sent: 26 September 2007 16:05
To: CommuniGate Pro Discussions
Subject: Re: Passwords

Another PAM module that works well is the pam_smb (Samba) module, which
took minutes to setup and has run flawlessly for us for 100 user-years
(like kilowatt hours ;).  A Linux box that is a domain member will
transparently authenticate to Active Directory via external auth -> pam
-> winbind, and password changes are noticed immediately.  Like the
other external auth methods, and as Graeme mentioned, SASL doesn't work
because it needs a copy of the password.  However we can still run CG
with the "Secure Only" authentication option, as there's an encrypted
_connection_ mechanism for every protocol.

Roland;

-----Original Message-----
From: Graeme Fowler [mailto:G.E.Fowler@lboro.ac.uk]
Sent: Tuesday, September 25, 2007 10:35 AM
Subject: Re: Passwords


On Tue, 2007-09-25 at 16:44 +0100, Martin.Hepworth wrote:
> http://lists.communigate.com/Lists/CGatePro/Message/91168.html
> and other things in archive about handling AD/Kerberos authentication
well.

Bearing in mind that Darren has been chewing his own legs off in the
past over the local inability (not his, but local nonetheless) to get
full client/server Kerberos to work, might I suggest that:

1. If you (Darren) are running CGP on Linux, then you can use the PAM
module pam_krb5 to authenticate against your Active Directory for you
via an external authenticator. This is what we do for Webmail.

2. If you (Darren) are running CGP on Windows, then run it on a domain
controller or promote your CGP server to be a domain controller and then
authenticate against the local system.

Alternatively, use the method John Rudd just posted.

Our external authenticator does something similar to that simply so we
have a copy of up-to-date passwords kept within CGP itself - this way we
can make use of challenge/response or SASL methods such as those used by
SIP, XIMSS et al.

Graeme







#############################################################
This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to
<CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>



Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster