[OpenAFS] OpenAFS and LDAP
gug.ml
gug.ml@laposte.net
Thu, 11 Mar 2004 10:18:54 +0100
>Yes it can be done without Kerberos and use X509 certificates
>and TLS. GSI implements a GSSAPI mechanism that uses X509
>certificates and TLS to authenticate. The gssklog program on the
>client uses the gssapi to authenticate to the gssklogd running on
>the AFS database servers. The gssklogd returns an AFS token to the
>client.
>gssklog can be used with any GSSAPI, so if you have some other
>implementation it should work. It also works with Kerberos GSSAPI
>implementations such as MIT, Heimdal, SEAM and Microsoft SSPI.
>And it runs on Windows.
>So with AFS you don't need a kaserver, but still need the PTS
>or some replacement for it. The AFS token is still Kerberos, but the
>user never sees this, only the gssklog program which passes it off
>to the kernel.
>In effect the gssklogd is issuing AFS tokens which are in effect
>Kerberos tickets used internally by AFS only.

Thank you,
I will see ...
Have you seen an implementation to use with ldap ...
because at ftp://achilles.ctd.anl.gov/pub/DEE/README.GSSKLOG ,
we can use kerberos but not ldap ...
thx in advance