[OpenAFS-devel] AFS Authentication through LDAP

Jim Doyle doyle@world.std.com
Sat, 22 Dec 2001 02:44:54 -0500


> Does anyone know if LDAP authentication exists for (Open)AFS?  The goal
> would be for AFS to issue tokens based on LDAP server authentication.

I know of no such solution.

Two things would be needed:

1. Kaserver or the Kerberos 5 KDC would need to be modified to retrieve
   principal and private key data from LDAP instead of their own private
   Berkeley DB style backends.

2. PTServer interfaces would have to be grafted to LDAP lookups.

Further, the PTServer APIs are deeply connected to the fileserver,
particularly the semantics of transactional updates -- this will make the
LDAP integration tough since I believe the LDAP protocol provides no
support for transactions..

Still, it would be great to unify things..

I'm sure someone else will come along and say "Can we not use LDAP and
instead retrieve principal and group list data from XML Schema using
blah blah blah backend".

-- Jim