MIT Kerberos LDAP backend
Mr J.A. Gilbertson
jgilbert at liverpool.ac.uk
Thu Nov 8 05:59:23 EST 2007
On Thu, 8 Nov 2007, Ken Raeburn wrote:
> On Nov 6, 2007, at 09:40, John Gilbertson wrote:
>> Thanks for the link, but I'm not sure if that will do what we need.
>> We're not looking to replace NIS or the like, just add Kerberos as an
>> authentication route for various programs with Kerberos support.
>
> Does this mean you're using LDAP for authentication, and looking for a way
> Kerberos programs can use the LDAP setup you've already got? That's not how
> the LDAP backend works; it's for doing authentication the Kerberos way, except
> the database is stored in LDAP. The data we store is entirely different from
> what LDAP authentication uses; you can't just layer one on top of the other.
>
> Ken
Thanks for clearing this up, the documentation wasn't entirely clear
about how the LDAP module worked or what it's intended use was for.
We had been hoping that it woudl provide a painless way to get a
Kerberos-aware interface to our user directory.
Do you know of any other method whereby we would be able to effectively
let Kerberos delegate the authentication step to LDAP, and then carry on
as if that part had been done itself?
Or is the only solution to duplicate all user data into Kerberos, and
then frequently sync the two?
--
John Gilbertson
The University of Liverpool
More information about the Kerberos
mailing list