Is there a way to store "user data" along with principals?

Mikhail T. mi+thun at aldan.algebra.com
Wed Jul 28 16:07:23 EDT 2010


Hello!

I need to write a utility, that will perform certain tasks on an outside 
web-site (via SOAP). The utility needs to authenticate itself to the 
site every time it runs with a username and password.

Different users (far from all!) ought to be able to run the utility on 
our servers and they should not have direct access to those credentials 
themselves.

We use Kerberos here -- it is the only service that's universally 
reachable throughout our network.

This got me thinking -- can we store these outside credentials as some 
sort of user-data attached to the principals of the people authorized to 
run the utility? Is there a way to associate data with the principals, 
that's meaningless to Kerberos itself, but which would be provided 
verbatim, whenever the successful authentication takes place?

Thanks! Yours,

    -mi




More information about the Kerberos mailing list