Index: openacs-4/packages/acs-authentication/www/doc/xml/install.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/www/doc/xml/install.xml,v diff -u -r1.6 -r1.7 --- openacs-4/packages/acs-authentication/www/doc/xml/install.xml 7 Aug 2017 23:47:46 -0000 1.6 +++ openacs-4/packages/acs-authentication/www/doc/xml/install.xml 3 Sep 2024 15:37:30 -0000 1.7 @@ -14,7 +14,7 @@ Using Pluggable Authentication Modules (PAM) with OpenACS - OpenACS supports PAM authetication via the ns_pam module in AOLserver. + OpenACS supports PAM authentication via the ns_pam module in AOLserver. @@ -168,7 +168,7 @@ If the PAM domain defines a password command, you can set Password Management to PAM. If not, the PAM module cannot change the user's password and you should leave this option Disabled. - Leave Account Registration disabed. + Leave Account Registration disabled. Configure Batch Synchronization @@ -190,7 +190,7 @@ You do not want to make users remember yet another password and username. If you can avoid it you do not want to store their passwords either. This document should help you set your system up so your users can seamlessly log in to your OpenACS instance using the password they are accustomed to using for other things at your institution. Background - The original OpenACS LDAP implementation (which has been depreciated by this package) treated the LDAP server as another data store similar to Oracle or Postgresql. It opened a connection using a privileged account and read or stored an encrypted password for the user in question. This password was independent of the user's operating system or network account, and had to be synchronized if you wanted the same password for OpenACS. + The original OpenACS LDAP implementation (which has been deprecated by this package) treated the LDAP server as another data store similar to Oracle or Postgresql. It opened a connection using a privileged account and read or stored an encrypted password for the user in question. This password was independent of the user's operating system or network account, and had to be synchronized if you wanted the same password for OpenACS. Save their passwords? Sync passwords? Deal with forgotten password requests? No Thanks. Using ldap bind, you can delegate authentication completely to LDAP. This way you can let the IT department (if you are lucky) worry about password storage/synchronization/etc. The bind operation takes a username and password and returns a true of false depending on whether they match up. This document takes the 'bind' approach so that your users LDAP/AD password (or whatever else you use) can be used to login to OpenACS. Note on Account Creation