LDAP and PAM and Centrify


by Peter de Groot -

Guys... (and ladies)

Sorry long post...

Am migrating my moodle from my long suffering (and noisy) Ubuntu 12.04 box that sits in my office to a virtual machine on new "Uber" hardware.. "somewhere else"

I am currently using the NTLM/LDAP SSO. And that has been working very well.  But was a REAL pain to set up.

As part of the migration I have been looking around to see if there is an easier way than the old kerberos/winbind/compile this/hack that etc etc.  Plus I am under the impression that NTLM auth is not going to be supported by MS for much longer and we are moving to kerberos.

I found some software from centrify.com called Centrify Express (free).  Very tasty.  Basically does all of the tedium of adding a machine to the domain etc etc.  Even with Read Only Domain Controllers (2008 R2) on site, and crippled admin accounts....

Centrify does have an Apache module, but that costs money and seems to be causing problems with their licensing model.  But it does have Kerberos/NTLM  ready to go.. apparently.  I have not played with it..

BUT, the Centrify support chap said that PAM should work in Express and he had it working.  So I installed the php_pam.  Now to the problems

1. There is ZERO doc out there on how to integrate PAM into moodle.  They talk about PAM but not on how to implement it.  BTW ....apparently the PAM in the Ubuntu distro is being deprecated?  Had to pecl pam....  I reckon the Centrify support guy may help me .. but I am starting to stretch the friendship..

2. It appears that the PAM authentication does not "provision" information from AD into the moodle users database like the LDAP one does.

3. Is it possible to integrate PAM into the LDAP module like you have done with NTLM and Kerberos?  Is this a good thing?  Is it hard?  Will it take long?

Suggestions

Peter

In reply to Peter de Groot

Re: LDAP and PAM and Centrify

by Andrea Bicciolo -

Hello Peter,

If your AD server is running on a Windows Server 2008, a possibility could be exploring ADFS 2.0 and SAML authentication. This thread may give you some info about it: https://moodle.org/mod/forum/discuss.php?d=202217