[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Credentials forwarding
Hi all!
Is it possible to do kerberos ticket forward to the ldap server
space over the SASL/TLS encrypted channel?
It is very useful with some sort of backend databases.
In this case user if successfully authenticating using ldap_bind (or similar)
can be optionally pass credentials(tgt) to server's memory.
Than this credentials can be passed to backend databases.
This would solve many current problems with ldap<->"external service" (such as
kerberos kadmin, oracle, etc..) authentication without required root(superuser)
access to services from the ldap server.
Any suggestions?
Konstantin.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Konstantin Kunshchikov, system programmer, Elbrus Inc, kvk@elbrus.ru