Re: [hylafax-users] hylafax and ldap.

[Lee Howard <faxguy@xxxxxxxxxxxxxxxx>]

Giuseppe Sacco wrote:

> with this setup I have some success and some failure, dependent from the
> os system and the hylafax version.

I've fixed the PAM support in HylaFAX+ 5.0.2.

The nature of the problems would usually cause PAM authentication to 
fail, however, in some PAM implementations the problems were not a 
problem... so OpenPAM users may have been okay with PAM the way it was 
while Linux users would not.  And, in past HylaFAX versions there were 
some major issues that caused authentication to succeed if PAM was 
merely attempted... despite the result of the PAM calls.  So that's why 
you see the success and failure as you have.  PAM with 5.0.2 should be 
fine now... works for me at least with pam_unix.so.

Dealing with PAM, but off the topic of this thread... The design of 
allowing users to authenticate with PAM *or* hosts.hfaxd makes it 
impossible for hfaxd to turn full authentication control over to PAM... 
which means that exotic pam usage (like fingerprint scanners or retina 
scanners ... or anything that's not similar to the traditional HylaFAX 
login method) will probably not work quite right.  In order to get these 
to work we'd need to add a "disable hosts.hfaxd authentication" feature 
and then recode the PAM support for that situation to turn full control 
over to PAM.  Authentication with things like ldap, sql, passwd, shadow, 
etc., should work fine now, though.

Lee.

____________________ HylaFAX(tm) Users Mailing List _______________________
 To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
 *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*