[Fedora-directory-users] Problems with sasl authentication
David Boreham
david_list at boreham.org
Tue Aug 30 12:51:51 UTC 2005
>
>Hmm... What I'm trying to accomplish here is a configuration where users
>authenticate to the ldap server with username/password (no kerberos
>ticket) and their password is checked from kerberos. Is this possible
>to do with the standard plugins? I've had a hard time trying to figure
>out how to do this... =) The idea in this is that we'd like to have
>a single service for authenticating users, even for services that do not
>support kerberos.
>
>
This isn't supported in the current code.
>If it's not possible, I'll look into writing a plugin that does this.
>
>
Sounds good. First you'd need to figure out how to perform a proxied
authentiation
against kerberos. With the existing SASL/GSSAPI mechanism we don't need
to do
that because we're simply passing through the authentication payload
between GSSAPI
and the client. Presumably you'd need to do whatever 'kinit' does, but
inside the DS.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20050830/413eb684/attachment.htm>
More information about the Fedora-directory-users
mailing list