[29325] in Kerberos
Re: Help with SASL/GSSAPI to remote Kerberos server
daemon@ATHENA.MIT.EDU (Sebastian Hanigk)
Wed Feb 20 11:00:17 2008
From: Sebastian Hanigk <hanigk@in.tum.de>
Date: Wed, 20 Feb 2008 16:49:11 +0100
Message-ID: <fphi5n$pgc$1@news.lrz-muenchen.de>
Mime-Version: 1.0
X-Complaints-To: newsmaster@lrz-muenchen.de
Mail-Copies-To: never
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
"Douglas E. Engert" <deengert@anl.gov> writes:
> As Jeff pointed out, not with GSSAPI. What you might be looking for
> is slapd code to take a username and password and do in effect a kinit
> and a verify tgt, or have a sasl plugin do it for your. I don't know
> of one.
There is an ugly hack: having a userPassword field with "{SASL}<Kerberos
principal>" in LDAP you can employ saslauthd's Kerberos backend. We use
it as a crutch for a web application which can only authenticate against
an LDAP directory (*cough* Zope *cough*).
Sebastian
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
