Overview

To use LDAP to authenticate users on Windows PCs, you can use the pGina dynamically linked library. pGina is available from http://pgina.org.

Setup instructions are available in the document, Configuring pGina for LDAP Authentication For Windows XP.

In the section, Configure pGina, you can leave the Admin User and Admin Pass values blank if you don't need to authenticate UH students. This is because students are not publicly visible in LDAP and can't be found unless a special DN and password are used to connect to the directory server. Faculty and staff are publicly visible in LDAP, so no Admin User and Admin Pass are needed.

If you want to authenticate UH students, you will need a special DN. Special DNs can be requested here.

Windows 7 users may need to add the IP address and hostname for the UH LDAP server, ldap1.its.hawaii.edu, to the Windows hosts file.

...

  • hawcc — Hawaii Community College
  • hcc — Honolulu Community College
  • kcc — Kapiolani Community College
  • kauaicc — Kauai Community College
  • lcc — Leeward Community College
  • mauicc — Maui Community College
  • wcc — Windward Community College
  • uhh — University of Hawaii at Hilo
  • uhm — University of Hawaii at Manoa
  • uhwo — University of Hawaii – West Oahu
  • rcuh — Research Corporation of UH

...

Questions and Answers

Question: Does pGina store passwords?

...

pGina does not have a "repository of hashed windows passwords." Are you referring to the Windows local account store (SAM)? pGina works (in a typical LDAP-based configuration) by creating a local Windows account that has the same username and password as the LDAP account. That local account may be deleted after the user has logged out, if the Local Machine plugin is configured to do so. If it is not configured to do so, there may be a set of local accounts that is a subset of the LDAP accounts (those users who have logged on to the machine). Those accounts may or may not have the same password as the LDAP accounts depending on how the Local Machine plugin is configured (see the "Scramble password after logout" option). For more information, please take a look at the documentation for the Local Machine plugin, and the pGina user's guide. Let me know if there is something that could be more clear.

  • http://pgina.org/docs/local_machine.html
  • http://pgina.org/docs/user.html

Thanks,
David