[8775] in Info-AFS_Redistribution
Re: Delegate authentication to LDAP?
daemon@ATHENA.MIT.EDU (Derrick J Brashear)
Thu Dec 20 19:07:16 2001
Date: Thu, 20 Dec 2001 19:02:36 -0500 (EST)
From: Derrick J Brashear <shadow@dementia.org>
To: info-afs@transarc.com
In-Reply-To: <4.3.2.7.2.20011219145648.00b65940@mail.webquarry.com>
Message-ID: <Pine.LNX.3.96L.1011220190031.1507K-100000@scully.trafford.dementia.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 20 Dec 2001, Peter Scott wrote:
> Hello. We have umpteen enterprise services with separate authentication
> registries and hence passwords to remember, and in the selection of a
> common authentication registry, LDAP has won the battle. More third-party
> apps that we're interested in can be pointed at an LDAP server than at
> Kerberos; that's just the way it is.
Wow, more backward than Microsoft;-)
> It would be nice to eliminate another password and have people's AFS
> passwords be their LDAP passwords. So the question is, is it possible to
> make either AFS delegate authentication to LDAP, or vice-versa? I've
> searched around and not come up with anything so far.
vice-versa
> The LDAP people would greatly prefer that AFS used them rather than the
> other way around.
I bet. The other way around can be done by treating AFS passwords as
Kerberos passwords; OpenLDAP at least supports Kerberos authentication,
and you're done. Would that fit within the scope of what you need?