Chapter 16 Using The Pass-Through Authentication Plug-In; How Directory Server Uses Pta - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Pass-through authentication (PTA) is a mechanism by which one Directory Server
consults another to authenticate bind requests. The PTA Plug-in provides this
functionality, allowing a Directory Server to accept simple bind operations
(password-based) for entries not stored in its local database.
Red Hat Directory Server (Directory Server) uses PTA to allow you to administer
your user and configuration directories on separate instances of Directory Server.
This chapter describes the PTA Plug-in in the following sections:
• How Directory Server Uses PTA (page 513)
• PTA Plug-in Syntax (page 515)
• Configuring the PTA Plug-in (page 518)
• PTA Plug-in Syntax Examples (page 523)

How Directory Server Uses PTA

If you install the configuration directory and the user directory on separate
instances of Directory Server, the installation program automatically sets up PTA
to allow the Configuration Administrator user (usually
administrative duties.
PTA is required in this case because the
o=NetscapeRoot
user directory as
transmit the credentials to the configuration directory, which verifies them. The
user directory then allows the
Pass-through Authentication Plug-in
in the configuration directory. Therefore, attempts to bind to the
would normally fail. PTA allows the user directory to
admin
admin
admin
user entry is stored under
admin
user to bind.
Chapter 16
Using the
) to perform
513