#3888 [RFE] Allow password migration using PAM passthrough functionality
Opened 10 years ago by nkinder. Modified 7 years ago

It would be nice to add the ability to migrate passwords to IPA from other authentication sources where SSSD is not available. This could be done by adding PAM passthrough functionality to the IPA bind operation plug-in for 389 DS. For an incoming LDAP bind operation, we would attempt to use PAM to authenticate the user. If the authentication via PAM is successful, we could use the provided password to generate the Kerberos keys for the user. 389 DS already has the PAM passthrough logic, which could be copied into the IPA bind operation plug-in.


I did the same in slapi-nis for trusted users support. We can reuse code from slapi-nis as it is more polished now.

Metadata Update from @nkinder:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

7 years ago
