[8778] in Info-AFS_Redistribution
Re: Delegate authentication to LDAP?
daemon@ATHENA.MIT.EDU (Peter Scott)
Fri Dec 21 12:43:44 2001
Message-Id: <4.3.2.7.2.20011221093729.00b29860@mail2a.jpl.nasa.gov>
Date: Fri, 21 Dec 2001 09:38:51 -0800
To: Derrick J Brashear <shadow@dementia.org>, info-afs@transarc.com
From: Peter Scott <Peter.J.Scott@jpl.nasa.gov>
In-Reply-To: <Pine.LNX.3.96L.1011220190031.1507K-100000@scully.trafford.dementia.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 07:02 PM 12/20/01 -0500, Derrick J Brashear wrote:
> > The LDAP people would greatly prefer that AFS used them rather than the
> > other way around.
>
>I bet. The other way around can be done by treating AFS passwords as
>Kerberos passwords; OpenLDAP at least supports Kerberos authentication,
>and you're done. Would that fit within the scope of what you need?
It might well, subject to the actual workability of it when taking into
account the cussedness of AFS Kerberos. The list may recall my recent and
ongoing battles with the OpenSSH code. If it works when the rubber meets
the road...
--
Peter Scott
Peter.J.Scott@jpl.nasa.gov