[OpenAFS] LDAP authentication
John Rudd
jrudd@ucsc.edu
Fri, 23 Sep 2005 19:37:29 -0700
On Sep 23, 2005, at 7:02 PM, Jiann-Ming Su wrote:
> On 9/23/05, S P Arif Sahari Wibowo <arifsaha@yahoo.com> wrote:
>>
>> Hmm, I have to read more. Did you mean Samba will act as
>> Kerberos authentication server, and therefore if I have LDAP as
>> Samba authentication backend, I can get OpenAFS to authenticate
>> to Samba?
>>
>
> I haven't actually configured it, but talking with one of my
> colleagues who's more knowledgeable about LDAP and Kerberos, it means
> that instead of storing the Samba password in LDAP, you can now
> authenticate to Samba using a Kerberos server. This was not possible
> in previous versions of Samba. So, if you're going to use OpenAFS and
> have to configure a Kerberos server for it, you can now use the new
> Samba and have it authenticate against the same Kerberos server.
Hm. I wonder if that means you'll be able to use Samba as a full
Active Directory server ... where AD allows you to do
plain-text-password authentication, via LDAP, against your kerberos
pass-phrase. Makes it easier to integrate kerberos and applications
that use an LDAP password (stored in LDAP, handled via ldap-compare,
not via ldap-bind) for authentication.
That's completely off the topic of OpenAFS, but it might be useful here.