[OpenAFS-devel] AFS Authentication through LDAP

[Ilya Gildenblat]

Does anyone know if LDAP authentication exists for (Open)AFS?  The goal
would be for AFS to issue tokens based on LDAP server authentication.

The reason we need to do this, is our corporate directory (with user names &
passwords) is stored in an iPlanet LDAP server, and it would be ideal to not
create and maintain yet another set of user credentials. This could also
potentially apply to Active Directory based authentication, I guess.

I've poked around the source code a bit and it seems that there would be two
ways of doing this.  Either, one could modify the way the authentication
server checks credentials or change the way AFS issues tokens.  I would
guess that the prior would be easier (perhaps in a way similar to Athena's
aklog?). I am rather new to the source code, so I may be off, however.

Has anyone done this?  If not, does anyone here see any complications in
doing what I suggest? Any other ideas?

Thanks,
Ilya -



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com