PAM authentication with LDAP
PAM authentication is a third party authentication mechanism supported by Midgard. It allows users to log in to Midgard using their LDAP or Active Directory accounts. In PAM authentication users log in to Midgard in the normal way. For single sign-on, see Kerberos single sign-on with Active Directory.
Setting up PAM authentication
In addition to regular Midgard installation, do the following:
Create Midgard pam config file /etc/pam.d/midgard:
auth required /lib/security/pam_winbind.so
Check your Samba configuration (smb.conf), it should contain something similar to following:
workgroup = YOUR_WORKGROUP_HERE
realm = YOUR_AD_DOMAIN_HERE
security = ads
winbind use default domain = true
Configure your Midgard Virtual Hosts to use PAM auth by editing the files under /etc/midgard/vhosts and adding the following to the VirtualHost declaration:
MidgardAuthType PAM
If you configure two virtual hosts which use the same Sitegroup and must use different authentication types, you can define which PAM service filename should be used for particular host.
MidgardPamFile `filename`
Filename should be created in /etc/pam.d directory. There is no limitation to number of files used by all virtual hosts. However one filename ( service name ) can be define per virtual host configuration.