[19291] in Kerberos
Re: NEWBIE Question: Kerberos and LDAP
daemon@ATHENA.MIT.EDU (Luke Howard)
Wed May 21 18:38:42 2003
From: Luke Howard <lukeh@PADL.COM>
Message-Id: <200305212234.IAA23122@au.padl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
To: rtanner+kerberos@linfield.edu
Date: Thu, 22 May 2003 08:34:50 +1000
cc: kerberos@mit.edu
Reply-To: lukeh@PADL.COM
Errors-To: kerberos-bounces@mit.edu

>I'm an absolute newbie to kerberos trying to see how to fit it into our
>network and existing authentication schemes. Currently, LDAP represents
>the backend store for all passwords and users are authenticated against
>the LDAP server. Maintenance of the LDAP user/password data is built into
>our account management software, and numerous not-easily-kerberizable
>applications will continue to depend on it. In kerberos, there is a user
>principal (hoping my terminology is correct here) for each user in a
>particular domain. What I want to know is whether I can configure the KDC
>to validate the user credentials against the LDAP server as opposed to
>having to maintain another separate credentials store.

You can't "authenticate" Kerberos principals against an LDAP server, but
you can use an LDAP server as storage for Kerberos principal information.
Heimdal includes such a backend, and both IBM and PADL have commercial
LDAP-backended KDCs.
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos