Implementing a KDB plugin

harsh savla harsh.savla at
Thu May 5 14:57:21 EDT 2016


I have a use case where I need to authenticate Kerberos principals against
a RESTful Cloud service. This service can talk to an Active Directory(AD)
which maintains the users passwords. On the client side we have a Linux
based VM which runs the MIT Kerberos server. It has also Samba running.

The idea is that end users map Samba share using map drive and enter their
Kerberos credentials. This hits our VM (specifically the krb5kdc service)
and we just pass these credentials to the cloud service which then
authenticates against the AD. Once authentication is successful, ticket is
given to the client.

So in this case the kdb plugin is going to have to talk to the cloud
service. Is it possible to implement this kind of plugin? I see that there
are a few kdb implementations already available under
krb5-1.14.2/src/plugins/kdb/ namely db2, hdb and  ldap.


More information about the krbdev mailing list