Third-party Authentication
Midgard supports two alternatives for third-party authentication: PAM and Trusted Authentication.
Trusted authentication uses regular Apache 2 authentication modules, such as Kerberos single sign-on. With Kerberos, users who are already authenticated in a Kerberos-enabled network like Active Directory are automatically recognized by Midgard.
PAM (Pluggable Authentication Modules) is a Unix system that lets applications authenticate users against external password repositories. This means that users still log in using the normal authentication forms but use their network password instead of Midgard's local one.
Setting up third-party authentication
- PAM authentication with LDAP or Active Directory
- Kerberos single sign-on with Active Directory
- NTLM single sign-on (deprecated)
Local user records
Even with third-party authentication, the user records must exist within the Midgard database so that authenticated users can be connected with group permissions and ownerships.
With many of the authentication methods, Midgard usernames must be suffixed with the domain used in authentication. For example, when authenticating with PAM to the Active Directory domain AD.EXAMPLE.NET, the usernames must be in the format username@AD.EXAMPLE.NET in the Midgard database.
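The suffix rule above can be audited from an exported list of Midgard usernames and a list of directory accounts. The script below is an added example, not part of Midgard: the function name and the sample lists are constructed, and it assumes the stored username must match account@DOMAIN exactly, including case.

```python
# Added example (not Midgard code): audit local user records against the
# username@DOMAIN rule before enabling third-party authentication.
DOMAIN = "AD.EXAMPLE.NET"  # domain taken from the page's own example


def audit_usernames(midgard_usernames, directory_accounts, domain=DOMAIN):
    """Classify local records and list directory accounts with no usable record.

    Assumption: a record is usable only if it equals '<account>@<domain>'
    exactly. Bare names are reported for review, since a local-only
    account without a suffix may be intentional.
    """
    report = {"ok": [], "missing_suffix": [], "wrong_domain": [],
              "no_local_record": []}
    usable = set()
    for name in midgard_usernames:
        account, sep, suffix = name.rpartition("@")
        if not sep:
            report["missing_suffix"].append(name)   # e.g. 'bob'
        elif suffix != domain:
            report["wrong_domain"].append(name)     # e.g. lower-cased domain
        else:
            report["ok"].append(name)
            usable.add(account)
    # Directory users who would authenticate but could not be tied to
    # Midgard group permissions or ownerships.
    for account in directory_accounts:
        if account not in usable:
            report["no_local_record"].append(account)
    return report


# Constructed sample data, not taken from any real installation.
SAMPLE_MIDGARD = ["alice@AD.EXAMPLE.NET", "bob", "carol@ad.example.net", "admin"]
SAMPLE_DIRECTORY = ["alice", "bob", "carol", "dave"]

if __name__ == "__main__":
    for category, names in audit_usernames(SAMPLE_MIDGARD, SAMPLE_DIRECTORY).items():
        print(f"{category}: {', '.join(names) or '-'}")
```
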
