Kerberos integration help needed

Turbo Fredriksson turbo at bayour.com
Fri Feb 6 01:38:20 EST 2004


>>>>> "Prakash" == Prakash Menon <pmenon at campuseai.org> writes:

    Prakash> I have a question.  Is Kerberos an LDAP-compliant system?
    Prakash> Is it possible to make an LDIF-formatted file out of
    Prakash> Kerberos to upload to another LDAP system?

No.

    Prakash> Basically I
    Prakash> want to migrate Kerberos user authentication into an LDAP
    Prakash> system (OID - Oracle Internet Directory).  Or is there any
    Prakash> other way?

If it was possible to 'de-crypt' or otherwise convert a Kerberos password,
ANYONE (basically) could do it and then it wouldn't solve the problem it was
designed to solve - be a secure authentication system on insecure networks.



BUT (there's always a but, isn't there :). It IS possible to use an (Open)LDAP
server as password/Kerberos storage/backend. But this is only possible using
KTH Heimdal. Whether you WANT this is another question (I'm no longer very happy
with it, once I've thought of it a year or so :).

Why not go the other way instead? Use LDAP as the 'primary' backend, and then
do SASL/Kerberos for actual authentication?

http://www.bayour.com/LDAPv3-HOWTO.html
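
An added example, not part of the original message or of the linked HOWTO: a sketch of what can be carried from a KDC into LDIF when LDAP holds the user entries and Kerberos keeps doing authentication, namely the principal names and nothing secret. The listing format, `BASE_DN`, the `inetOrgPerson` object class and the use of `description` are assumptions made for the illustration.

```python
import base64
import re

# Constructed principal listing (one principal per line); not real data.
SAMPLE = "alice@EXAMPLE.ORG\nbob@EXAMPLE.ORG\nbob/admin@EXAMPLE.ORG\n" \
         "krbtgt/EXAMPLE.ORG@EXAMPLE.ORG\nhost/www.example.org@EXAMPLE.ORG\nzo\u00eb@EXAMPLE.ORG\n"
BASE_DN = "ou=People,dc=example,dc=org"  # assumed directory suffix

# RFC 2849 SAFE-STRING; any other value must be written base64-encoded.
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                  r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")


def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' where RFC 2849 requires it."""
    if SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def dn_escape(value):
    """Escape RFC 4514 special characters (input is already whitespace-stripped)."""
    value = re.sub(r'([\\,+"<>;])', r"\\\1", value)
    return "\\" + value if value[:1] in ("#", " ") else value


def user_principals(listing):
    """Yield (name, realm) for user principals; skip service and instance ones."""
    for line in listing.splitlines():
        name, sep, realm = line.strip().rpartition("@")
        if sep and name and "/" not in name:  # drops krbtgt/..., host/..., bob/admin
            yield name, realm


def to_ldif(listing, base_dn=BASE_DN):
    """Build LDIF with no userPassword: the KDC keeps the only copy of the keys."""
    entries = []
    for uid, realm in user_principals(listing):
        entries.append("\n".join([
            ldif_line("dn", f"uid={dn_escape(uid)},{base_dn}"),
            "objectClass: inetOrgPerson",
            ldif_line("uid", uid),
            ldif_line("cn", uid),  # placeholder: the KDC holds no real names
            ldif_line("sn", uid),
            ldif_line("description", f"Kerberos principal {uid}@{realm}"),
        ]))
    return "\n\n".join(entries) + "\n"


if __name__ == "__main__":
    print(to_ldif(SAMPLE), end="")
```

The generated entries carry no credential material, so the directory can be loaded and replicated without becoming a second place where passwords can leak.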

