
Re: Use GSSAPI Mechanism to authenticate against openldap server





--On Tuesday, November 23, 2004 11:21 PM +0100 "S.B." <Seb.ADIO@gmx.de> wrote:


This is right, pam_krb5 is the right one for authentication. We actually use this for authorisation. But the client should get its account data (e.g. uid, home directory) from OpenLDAP, but actually the client makes an anonymous bind, and it should make a GSSAPI bind with the Kerberos data, because we have now found a solution to allow only GSSAPI requests. In /etc/ldap.conf we can give it a bind-dn, but the client should authenticate with the Kerberos ticket of the users.

That is because nss_ldap has no idea how to use the user's credentials to bind. So it won't work without some development, etc. Anyhow, this is off topic for this list at this point.


--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html