[29630] in Kerberos


Samba authentication to Kerberos via OpenLDAP, third and last try

daemon@ATHENA.MIT.EDU (Wes Modes)
Thu Apr 3 16:44:44 2008

Message-ID: <47F54195.5050206@ucsc.edu>
Date: Thu, 03 Apr 2008 13:44:05 -0700
From: Wes Modes <wmodes@ucsc.edu>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

I've asked a similar question on this list, the OpenLDAP list, and on 
the Samba list.  And while this question has the least to do with 
Kerberos, I received the more helpful answers here.  As I come to 
understand the software I'm dealing with, I can chisel down to the heart 
of what I need to know.   I ask you to consider what I'm asking remotely 
possible, and then seek a solution.  Consider this a challenge or a riddle.

   1. I have an OpenLDAP directory server that I am using for user and
      group information.  I would like to use it also to authenticate
      against.  This way, whatever I hook up to it (Samba, webstuff, PHP
      apps, CMS) can both authenticate and authorize from one source. 
   2. There is a separate Kerberos server that has users' campus-wide
      passwords.  I have access to it, but do not control it.
   3. I have a separate Linux file server running Samba.  PCs and Macs
      will connect to it. 

I know I can do Kerberos authentication directly from Samba, but I'd 
prefer OpenLDAP do the Kerberos connection.  Here's why:  a) I can solve 
the problem once, rather than have to work out BOTH LDAP and Kerberos 
connections for every new authenticated service I add, and b) LDAP hooks 
are more common than Kerberos hooks for other services for which I will 
eventually want authentication and authorization.  And yes, I know it 
breaks the Kerberos model.

The question and the challenge:  Any leads on how I might convince Samba 
to pass the input password on to OpenLDAP so that OpenLDAP can 
authenticate it against Kerberos?

Wes

-- 

Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
