Mailing List CGatePro@mail.stalker.com Message #92755
From: Alexander Lázaro Gómez Valdivia <alexandergv@esvc.co.cu>
Subject: Re: Passwords
Date: Wed, 26 Sep 2007 16:08:18 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro WebUser v5.1.12
Hi Graeme.

Authenticate for services like XIMSS/SIP using AD is for all a very hard task.
Could you help us more explaining "How can you keep an up-to-date password synchronized with CGate".
It is will be a very useful TIP.

Thanks,


-----Original Message-----
From: Graeme Fowler [mailto:G.E.Fowler@lboro.ac.uk]
Sent: Tuesday, September 25, 2007 10:35 AM
Subject: Re: Passwords


On Tue, 2007-09-25 at 16:44 +0100, Martin.Hepworth wrote:
http://lists.communigate.com/Lists/CGatePro/Message/91168.html
and other things in archive about handling AD/Kerberos authentication
well.

Bearing in mind that Darren has been chewing his own legs off in the
past over the local inability (not his, but local nonetheless) to get
full client/server Kerberos to work, might I suggest that:

1. If you (Darren) are running CGP on Linux, then you can use the PAM
module pam_krb5 to authenticate against your Active Directory for you
via an external authenticator. This is what we do for Webmail.

2. If you (Darren) are running CGP on Windows, then run it on a domain
controller or promote your CGP server to be a domain controller and then
authenticate against the local system.

Alternatively, use the method John Rudd just posted.

Our external authenticator does something similar to that simply so we
have a copy of up-to-date passwords kept within CGP itself - this way we
can make use of challenge/response or SASL methods such as those used by
SIP, XIMSS et al.

Graeme







#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster