[8774] in Info-AFS_Redistribution
Delegate authentication to LDAP?
daemon@ATHENA.MIT.EDU (Peter Scott)
Thu Dec 20 17:55:30 2001
Message-Id: <4.3.2.7.2.20011219145648.00b65940@mail.webquarry.com>
Date: Thu, 20 Dec 2001 14:48:00 -0800
To: info-afs@transarc.com
From: Peter Scott <Peter.J.Scott@jpl.nasa.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Hello. We have upmteen enterprise services with separate authentication
registries and hence passwords to remember, and in the selection of a
common authentication registry, LDAP has won the battle. More third-party
apps that we're interested in can be pointed at an LDAP server than at
Kerberos; that's just the way it is.
It would be nice to eliminate another password and have people's AFS
passwords be their LDAP passwords. So the question is, is it possible to
make either AFS delegate authentication to LDAP, or vice-versa? I've
searched around and not come up with anything so far.
The LDAP people would greatly prefer that AFS used them rather than the
other way around. Just because I can't conceive of how this could be
possible doesn't mean that someone a lot smarter than me hasn't figured out
a way, so I'm asking. Can anyone point to an implementation that has
managed to get either AFS to authenticate from LDAP or vice-versa?
--
Peter Scott
Peter.J.Scott@jpl.nasa.gov
