[Date Prev][Date Next] [Chronological] [Thread] [Top]

Credentials forwarding



	Hi all!

Is it possible to do kerberos ticket forward to the ldap server
 space over the SASL/TLS encrypted channel?

It is very useful with some sort of backend databases.

In this case user if successfully authenticating using ldap_bind (or similar) 
can be optionally pass credentials(tgt) to server's memory.
Than this credentials can be passed to backend databases.

This would solve many current problems with ldap<->"external service" (such as
kerberos kadmin, oracle, etc..) authentication without required root(superuser)
access to services from the ldap server.

Any suggestions?

Konstantin.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Konstantin Kunshchikov, system programmer, Elbrus Inc, kvk@elbrus.ru