[28522] in Kerberos
Re: Using LDAP in place of .k5login
daemon@ATHENA.MIT.EDU (Simon Wilkinson)
Tue Oct 2 19:32:44 2007
From: "Simon Wilkinson" <simon@sxw.org.uk>
Date: 03 Oct 2007 00:29:00 +0100
To: <deengert@anl.gov>
Message-ID: <3274216174.1623552@relay.gradwell.net>
Cc: jos@catnook.com, kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>Does anyone have any mods to use LDAP to store the auth_to_local
>database?
Somewhere or another I've got patches allowing this to be deferred to a daemon that's contacted through a Unix socket (library provides principal and username, dameon says yes or no). I never really got past prototyping this as a proof of concept, and we've never got round to using it in production, but I can dig out the code if anyone is interested. In the case you're discussing it would allow the LDAP lookups to be performed 'out-of-process'.
S.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos