Hallo Adam,thx for this great tip. It's a interessting thing for other machines that don't need LDAP authentification, but the most of our clients still running woody.
Do you know if kerberos authentification is more securly than ldap? Must i have also the SFU-Servies on the windows domain-controller installed?In first of all we need LDAP authentification for other services like ftp, http, php and so on. Thats why we also authentificate our users with ldap.
Greetings Mirko Adam Garside wrote:
Another option, if you just want authentication and not full mapping support via LDAP is to use Active Directory's Kerberos implementation. apt-get install libpam-krb5 krb5-config and edit /etc/pam.d/* to add relevant pam_krb5.so entries. You'll need to use sarge/sid if you authenticate to 2003 though since woody's kerberos implementation doesn't work with 2003 (though does with 2000). -- asg