[OpenAFS-devel] ldap as backend for afs???
Luke Howard
lukeh@padl.com
Thu, 20 Jan 2005 22:51:44 +1100
>I wont have single database in my local network for account information: for system account and for afs account.
>
>In google I found out three ideas:
>1) Using ldap as backend for kerberos. system use data directly from ldap and afs use same data from kerberos

There is an LDAP backend for Heimdal, some information is at:
http://www.padl.com/Research/Heimdal.html

>2) using kerberos as backend for ldap. afs try to directly use kerberos, others (system) use same data from ldap

I don't quite know what you mean here, but it is possible to use Kerberos
to authenticate to an LDAP directory (using GSS-API and SASL). This is
complementary to 1) above.

>I have no idea what is more usable, simple and what I may/must/have to use

Don't forget that Kerberos is an authentication service, not an authorization
service. AFS uses its Protection Server for maintaining authorization
information, which typically keeps its own database.

-- Luke