Re: [Hampshire] Happy Happy Joy Joy

トップ ページ

このメッセージに返信
著者: Vic
日付:  
To: Hampshire LUG Discussion List
題目: Re: [Hampshire] Happy Happy Joy Joy
> Surely it's really only LDAP + Kerberos + custom LDAP schema?
> You can authenticate directly against AD as it stands using only pam_ldap
> and
> pam_krb5 - no samba requirement at all.


AIUI, the Privilege Attribute Certificate (PAC) screws things up royally.

I'm no expert, but what I've read seems to say that AD blurs the line
between authentication and authorisation - whether this is to try to
squeeze some performance out of it or to frustrate interoperability is a
matter of debate...

Vic.