[28947] in Kerberos
KERBEROS with LDAP
daemon@ATHENA.MIT.EDU (Andrea)
Thu Dec 27 09:30:14 2007
From: Andrea <acirulli@gmail.com>
Date: Thu, 27 Dec 2007 06:22:08 -0800 (PST)
Message-ID: <84713117-0e97-4640-abe8-7b1a43be8c5b@v4g2000hsf.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi all,
I'm experiencing some problem between authentication and authorization
through Kerberos and LDAP.
This is my situation:
I can authenticate on LDAP through the option -Y GSSAPI after having
obtained a valid TGT from the KDC.
I have some questions:
Is it possible to authenticate via Kerberos on LDAP without obtaining
prior a ticket (i.e. when i have to authenticate to the LDAP i want
that username/password was asked and then these username/password
allow to obtain the ticket from Kerberos). I'm asking this because i
want that this new mechanism be invisible from a user point of view.
Are there some solution to this problem or I need to implement by
myself a customized client that communicate with kerberos and then
with the ticket to LDAP^???
Another question is about how to map authentication to authorization
in LDAP. The example found was very simple with a flat LDAP, I'm in an
hard situation, with an extremely non-regular LDAP tree, how to find
the correct mapping to the correct identity???
Thanks in advance,
Andrea
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
