[27988] in Kerberos


active directory auth against MIT via AD-LDAP

daemon@ATHENA.MIT.EDU (Dave Botsch)
Wed Jun 27 17:32:42 2007

Date: Wed, 27 Jun 2007 17:32:20 -0400
From: Dave Botsch <botsch@cnf.cornell.edu>
To: kerberos@mit.edu
Message-ID: <20070627213220.GZ32688@puff.cnf.cornell.edu>

So, one can set up Active Directory to authenticate against an MIT Kerberos
server by setting up the cross-realm trust and filling in the
altSecurityIdentities field - then one sees the MIT Kerb realm in the Active
Directory login box. Fine.

What about if I want to be able to authenticate to those MIT realms via that
trust when I am connecting to the Active Directory LDAP interface? So far, I
haven't found any documentation on whether or not this works or requires
additional configuration.

So,

1. LDAP bind to AD-LDAP via SSL
2. LDAP client enters in Kerberos uname and password
3. Active Directory receives the username and password and, via its Kerberos
   trust, obtains a TGT for the user
4. User is now authenticated via AD-LDAP

Does this work?

thanks!

-- 
********************************
David William Botsch
Programmer/Analyst
CNF Computing
botsch@cnf.cornell.edu
********************************
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
