[OpenAFS-devel] AFS Authentication through LDAP

Ted Anderson ota@transarc.com
Mon, 31 Dec 2001 14:26:49 -0500 (EST)


On Sat, 22 Dec 2001 02:44:54 -0500 Jim Doyle <doyle@world.std.com> wrote:
> Ilya wrote:
> > Does anyone know if LDAP authentication exists for (Open)AFS?  The goal
> > would be for AFS to issue tokens based on LDAP server authentication.

> 2. PTServer interfaces would have to be grafted to LDAP lookups.
> 
> Further, the PTServer APIs are deeply connected to the fileserver,
> particularly the semantics of transactional updates -- this will make
> the LDAP integration tough since I believe the LDAP protocol provides
> no support for transactions.

Ubik's transaction support that the PTServer provides is really only
needed when doing updates.  This is important when creating users and
perhaps for various administrative tools.  However, the fileserver only
needs to look up the name/id mappings and get a user's group list.  This
doesn't rely on transactional semantics.  It should be possible to write
an LDAP wrapper that implements the PTServer API.  This should be
sufficient to keep user applications (like klog) and the fileserver
happy.

Ted Anderson
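
The read-only wrapper described in the reply above, as an added example that is not part of the original post and is not OpenAFS code. Assumptions: an RFC 2307 (posixAccount/posixGroup) directory, an LDIF snapshot standing in for live LDAP searches, negated gidNumber values as group ids, and hypothetical names (ReadOnlyPts, parse_ldif, and the method names).

```python
# Added illustration, not OpenAFS code; class and method names are hypothetical.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 1001

dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: staff
gidNumber: 500
memberUid: alice
memberUid: bob
"""  # constructed sample; bob is listed as a member but has no account entry

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

class ReadOnlyPts:
    """Only the lookups the fileserver needs; updates are refused."""
    def __init__(self, entries):
        self.ids, self.members = {}, {}
        for e in entries:
            if "posixAccount" in e.get("objectClass", []):
                self.ids[e["uid"][0]] = int(e["uidNumber"][0])
            elif "posixGroup" in e.get("objectClass", []):
                gid = -int(e["gidNumber"][0])  # assumption: groups get negative ids
                self.ids[e["cn"][0]] = gid
                self.members[gid] = set(e.get("memberUid", []))
        self.names = {i: n for n, i in self.ids.items()}
    def name_to_id(self, name):
        return self.ids.get(name)  # None if unknown; the caller must deny access
    def id_to_name(self, ident):
        return self.names.get(ident)
    def group_list(self, user):
        if self.ids.get(user, -1) < 0:  # unknown user, or a group name
            return []
        return sorted(g for g, m in self.members.items() if user in m)
    def add_to_group(self, user, group):
        # No transactional store behind this wrapper, so there is no write path.
        raise PermissionError("read-only wrapper: updates are not supported")
```

A memberUid that names no account entry (bob in the sample) yields an empty group list, so a dangling group membership grants nothing.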