Kerberos integration help needed
Turbo Fredriksson
turbo at bayour.com
Fri Feb 6 01:38:20 EST 2004
>>>>> "Prakash" == Prakash Menon <pmenon at campuseai.org> writes:
Prakash> I have a question. Is Kerberos LDAP compliant system.
Prakash> Is it possible to make an LDIF formated file out of
Prakash> Kerberos to upload to another LDAP system.
No.
Prakash> Basically I
Prakash> want to migate Kerberos user authetication in to an LDAP
Prakash> system ( OID-oracle internet directory). Or is there any
Prakash> other way .
If it was possible to 'de-crypt' or othervise convert a Kerberos password,
ANYONE (basicly) could do it and then it wouldn't solve the problem it was
designed to solve - be a secure authentication system on insecure networks.
BUT (there's always a but, isn't there :). It IS possible to use an (Open)LDAP
server as password/kerbers storage/backend. But this is only possible using
KTH Heimdal. Wether you WANT this is another question (I'm no longer very happy
with it, once I've thought of it a year or so :).
Why not go the other way instead? Use LDAP as the 'primary' backend, and then
do SASL/Kerberos for actual authentication?
http://www.bayour.com/LDAPv3-HOWTO.html
More information about the Kerberos
mailing list