LDAP gateway for Kerberos

Phil Dibowitz phil at usc.edu
Sat Oct 30 00:30:41 EDT 2004


On Sat, Oct 30, 2004 at 04:08:35AM +0000, Donn Cave wrote:
> Quoth halford2069 at hotmail.com (talisman):
> | is there such a thing as a ldap gateway for kerberos i.e.
> |
> | the ldap gateway piece of software accepts ldap searches and returns
> | basic user info from kerberos, and accepts a bind and passes that
> | through to kerberos and returns success/failure back to the ldap
> | client?
> 
> You can find an LDAP implementation that supports Kerberos
> authentication at http://www.openldap.org/ (plus Cyrus SASL),
> and I imagine there are others.  Such an implementation would
> allow a client to use Kerberos credentials to authenticate
> during bind.
> 
> The part about basic user info from Kerberos is not so obvious,
> inasmuch as, in general, there isn't any useful user info there.
> Some, maybe most, environments that use Kerberos also have a user
> database with all kinds of information, but if that's what you
> want, you'll have to ask about that (hypothetical) database.

Note that Notre Dame University (I think) wrote a plugin to grab the password from
Kerberos (or rather do authentication through Kerberos) so that the Sun One
Messaging Server (or whatever it's called these days) could run without the
passwords in LDAP.

I don't know if that helps you or not.

-- 
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427
