5 Jan
2017
5 Jan
'17
12:30 p.m.
On Jan 5, 2017, at 12:28 PM, Brian Candler <b.candler@pobox.com> wrote:
My question is, what's the preferred way to authenticate requests which contain plaintext passwords, i.e. PAP, against S4/AD? rlm_mschap has hooks to talk to ntlm_auth or winbind, but rlm_pap doesn't.
It seems to me I could:
* use rlm_ldap, and do a bind using the user supplied password
* use rlm_krb5 (i.e. kerberos as a password oracle)
Either way is fine.
Is there another/better way?
Personally, I'd probably use LDAP. Alan DeKok.