Kerberising applications on linux

S Krithika skrithika at
Thu Sep 1 11:31:12 EDT 2005


   I'm interested in understanding what interfaces are available to
Kerberise a linux FTP server.  There are two sections, basically
authentication and authorisation that we should be focusing on right?

a. Authentication - We can  use kerberos authentication  - That is FTP
server will accept the kerberos ticket and authenticate the user. For
this GSS APIs can be used to accept_context and process further data.

b. The second step is to Authorise. - We need to use the authentication
information obtained from kerberos and refer to a directory ( a database
that has the user rights, access, etc..) for authorisation. OpenLDAP can
be used to access the database, but how do I provide the authentication
information from kerberos to OpenLDAP?
Can someone give me pointers on what interfaces  I need to use to
accomplish this? I'm lost with GSSAPIs, SASL APIs,  PAM Kerberos, etc..
What is the best way to implement authentication and authorisation on a
kerberised environment?


More information about the krbdev mailing list