I have compiled and installed the pam_ldap module on KE to help us with the authentication difficulties.
FreeRADIUS was failing under the load of authentications this morning, since it was running in single threaded mode on SHANTI. To get around this, I found and compiled the FreeBSD package for the pam_ldap PAM module. This shifts the bulk of our network authentications (e-mail) from RADIUS to directly querying LDAP.
Unfortunately, it seems that the SSL portions of pam_ldap aren’t happy on KE, even though it worked fine on my workstation. Nevertheless, I believe we have a relatively stable authentication system at the moment.
Update
SSL is working fine now. It required the setting host directory.earlham.edu rather than the IP address so that it could verify the certificate. I tested this on HEIWA, and now it, too, is using pam_ldap in place of RADIUS.
Posted by Rowan Littell at May 19, 2003 11:27 AM, updated 08:21 AM May 20, 2003