MIT Kerberos LDAP backend

Booker Bense bbense at telemark.slac.stanford.edu
Thu Nov 8 14:27:55 EST 2007


In article <mailman.85.1194545353.9118.kerberos at mit.edu>,
Mr J.A. Gilbertson <jgilbert at liverpool.ac.uk> wrote:

>
>And we had hoped this could be achieved without having to create a 
>duplication of all our user data into a Kerberos specific database, or 
>for Kerberos to require to add any data to our LDAP server since it's 
>basically read-only as it's populated from elsewhere.
>
>From what I read of the Kerberos LDAP backend plugin, is that it can't 
>just be configured to look at our existing LDAP server and its 
>associated structure when a user tries to login to something via 
>Kerberos, and use its own non-LDAP database for tickets and whatever 
>other information is needed.
>

You would have to write a whole bunch of code to make that work
and sync'ing passwords/keys between the two systems would be even
more work. Please don't take this the wrong way, but the fact
that you're asking this question leads me to believe that you
really don't understand the Kerberos protocol at all. I'm not
saying you need to know the bit fields on the wire to deploy it,
but to use it successfully you really need to understand some
basic details about what it can and can't do.

_ Booker C. Bense 


