Crazy idea - Hybrid Authentication
- To: openldap-software@OpenLDAP.org
- Subject: Crazy idea - Hybrid Authentication
- From: Gary Allen Vollink <gvldap@corvu.com>
- Date: Mon, 03 Nov 2003 14:01:23 -0600
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031014 Thunderbird/0.3
I am aware of the possibility that this is an SASL question rather than
an OpenLDAP one. If this is the case, please kindly let me know.

Is it possible to set up OpenLDAP so that users can connect to OpenLDAP
and be authenticated to Kerberos if such an account exists, but
authenticated to plain text otherwise? Only failing after being tried
against both.

That is to say if I am logging into LDAP as "gvldap" that it should try
gvldap@CORVU.COM on my Kerberos domain, but failing that it would revert
to checking the password using the userPassword attribute in my LDAP
directory. "dn: uid=gvldap,dc=corvu,dc=com"

For those who are wondering what the heck I'm thinking... This is for
a web site that is equally authenticated for customers and employees -
and I don't want to Kerberize all of my customer accounts (as the value
of this is not worth the time), but I do want to Kerberize my employee
accounts - as these will be used for system access as well as Web site
access.

Thank you,
Gary Allen Vollink