Wallet: LDAP
Jan-Piet Mens
jpmens.dns at gmail.com
Wed Jun 13 09:45:38 EDT 2012
I think I'm getting the hang of Wallet (0.12) even though I have a pile
of questions (mainly concerning ACLs) I'll save for another time. :)
A bit of `grep' through documentation and source shows that the LDAP
verifier (I believe that's the term) hasn't been implemented yet. I
neither have (nor want) a full NetDB implementation so I thought I'd try
to "fool" it, and I'd basically like confirmation that I'm on the right
track.
What I want is to authorize Wallet principals (users & hosts) against
LDAP.
I've configured NETDB_{REMCTL_CACHE,HOST} in `wallet.conf'. I've also
added a small script to `remctl.conf':
netdb node-roles /usr/local/bin/mynetdb ANYUSER
All of that works.
`mynetdb' is:
#!/bin/sh
# handle args
# argv[1] contains the principal requested by the Wallet client
# argv[2] contains the "name" (or is that the role name?) in the
# Wallet ACL
principal="$1"
name="$2"
# do the magic: find the principal, etc. and then report its role:
echo "user"
exit 0
The Wallet client reacts correctly to that output; if my script returns
anything other than "admin", "user" or "team" (gleaned from ACL::NetDB)
or exits with 1, the Wallet client tells me the principal is not
authorized to get the requested object.
Am I on the right track or is all of this horribly wrong?
And since I don't know anything of NetDB: what is the difference (as far
as Wallet is concerned) between user, team and admin?
-JP
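As an added illustration of the approach described in this message (it is not the poster's `mynetdb', nor Wallet's or NetDB's own code), here is what a `node-roles' handler backed by LDAP group membership could look like. It assumes a hypothetical group layout (cn=wallet-{admin,team,user}-<node> under ou=Groups,dc=example,dc=org, with memberUid holding the principal's local part) and that remctld passes the subcommand name as the first argument; the roles it prints are the ones gleaned from ACL::NetDB above.

```shell
#!/bin/sh
# Added example, not the poster's mynetdb or Wallet's own code.
# remctl handler for: netdb node-roles <principal> <node>
# Hypothetical LDAP layout: groups cn=wallet-{admin,team,user}-<node>
# under LDAP_BASE, with memberUid holding the principal's local part.
LDAP_BASE="${LDAP_BASE:-ou=Groups,dc=example,dc=org}"

# Strip @REALM from a Kerberos principal to get the LDAP uid.
principal_uid() {
    printf '%s\n' "${1%%@*}"
}

# Escape RFC 4515 filter metacharacters so a crafted principal name
# cannot change the meaning of the search filter.
filter_escape() {
    printf '%s\n' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read group cn values on stdin; print the strongest role they grant on
# node $1 (admin > team > user). Exit 1 when none matches, which makes
# Wallet's ACL::NetDB deny the request.
role_from_groups() {
    node="$1"
    found=""
    while IFS= read -r cn; do
        case "$cn" in
            "wallet-admin-$node") found="admin"; break ;;
            "wallet-team-$node")  found="team" ;;
            "wallet-user-$node")  [ -n "$found" ] || found="user" ;;
        esac
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Anonymous simple-bind search for every group holding this uid.
lookup_groups() {
    ldapsearch -LLL -x -b "$LDAP_BASE" "(memberUid=$(filter_escape "$1"))" cn |
        sed -n 's/^cn: //p'
}

main() {
    # Assumption: remctld passes the subcommand name as argv[1]; drop it.
    [ "$1" = "node-roles" ] && shift
    [ $# -eq 2 ] || { echo "usage: node-roles <principal> <node>" >&2; exit 1; }
    lookup_groups "$(principal_uid "$1")" | role_from_groups "$2"
}

if [ $# -gt 0 ]; then main "$@"; fi   # act as the remctl handler only with args
```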