Kerberising applications on linux
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Sep 1 14:58:39 EDT 2005
The FTP client and server that come with MIT Kerberos are already Kerberized
and they use GSSAPI. See RFC 2228 for the specifications on how to add
security
extensions to FTP if you still find it necessary to do it yourself.
-Wyllys
S Krithika wrote:
>Hi,
>
> I'm interested in understanding what interfaces are available to
>Kerberise a linux FTP server. There are two sections, basically
>authentication and authorisation that we should be focusing on right?
>
>a. Authentication - We can use kerberos authentication - That is FTP
>server will accept the kerberos ticket and authenticate the user. For
>this GSS APIs can be used to accept_context and process further data.
>
>b. The second step is to Authorise. - We need to use the authentication
>information obtained from kerberos and refer to a directory ( a database
>that has the user rights, access, etc..) for authorisation. OpenLDAP can
>be used to access the database, but how do I provide the authentication
>information from kerberos to OpenLDAP?
>
>Can someone give me pointers on what interfaces I need to use to
>accomplish this? I'm lost with GSSAPIs, SASL APIs, PAM Kerberos, etc..
>What is the best way to implement authentication and authorisation on a
>kerberised environment?
>
>Thanks,
>Krithika.
>
>_______________________________________________
>krbdev mailing list krbdev at mit.edu
>https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
More information about the krbdev
mailing list