[OpenAFS-devel] AFS Authentication through LDAP

Derek Atkins warlord@MIT.EDU
22 Dec 2001 10:24:00 -0500


The problem is that "LDAP Authentication" is really a misnomer.
LDAP provides a centralized database for password storage, but
it is NOT a Network Authentication System à la Kerberos (upon
which AFS Authentication is based).

Even if you could graft the AFS utilities onto LDAP, you couldn't
use your existing passwords anyways (because they won't get you
Kerberos tickets).

-derek

"Ilya Gildenblat" <ilyag@yahoo.com> writes:

> Does anyone know if LDAP authentication exists for (Open)AFS?  The goal
> would be for AFS to issue tokens based on LDAP server authentication.
> 
> The reason we need to do this is our corporate directory (with user names &
> passwords) is stored in an iPlanet LDAP server, and it would be ideal to not
> create and maintain yet another set of user credentials. This could also
> potentially apply to Active Directory based authentication, I guess.
> 
> I've poked around the source code a bit and it seems that there would be two
> ways of doing this.  Either, one could modify the way the authentication
> server checks credentials or change the way AFS issues tokens.  I would
> guess that the prior would be easier (perhaps in a way similar to Athena's
> aklog?). I am rather new to the source code, so I may be off, however.
> 
> Has anyone done this?  If not, does anyone here see any complications in
> doing what I suggest? Any other ideas?
> 
> Thanks,
> Ilya -

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available