Re: kpasswd missing in action?
--On Friday, September 30, 2005 12:04 PM -0600 Michael Torrie
<torriem@chem.byu.edu> wrote:
> Is there any way to restore the kpasswd binding function to openldap? I
> realize that ideally sasl or kerberos binds directly are the way to go,
> but unfortunately I can't do that for the majority of web applications
> (most of which are 3rd party) that need to do ldap binds for
> authentication. Without kpasswd support I am forced to put the
> userPassword hashes directly in the ldap database itself, which is a
> security problem. At least with the old {kerberos}username@DOMAIN
> notation, even though the bind itself might have security implications I
> wouldn't need to put the password itself in the database.
>
> Is there a way to accomplish simple binding from these dumb 3rd party
> apps with kerberos support?

Stanford has a kerberos-based web authentication package available from:
http://webauth.stanford.edu
that might interest you. We are currently working on adding SPNEGO support
for it as well. See Kurt's answer for other ideas.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin