[OpenAFS] LDAP authentication

John Rudd jrudd@ucsc.edu
Fri, 23 Sep 2005 19:37:29 -0700


On Sep 23, 2005, at 7:02 PM, Jiann-Ming Su wrote:

> On 9/23/05, S P Arif Sahari Wibowo <arifsaha@yahoo.com> wrote:
>>
>> Hmm, I have to read more. Did you mean Samba will act as
>> Kerberos authentication server, and therefore if I have LDAP as
>> Samba authentication backend, I can get OpenAFS to authenticate
>> to Samba?
>>
>
> I haven't actually configured it, but talking with one of my
> colleagues who's more knowledgeable about LDAP and Kerberos, it means
> that instead of storing the Samba password in LDAP, you can now
> authenticate to Samba using a Kerberos server.  This was not possible
> in previous versions of Samba.  So, if you're going to use OpenAFS and
> have to configure a Kerberos server for it, you can now use the new
> Samba and have it authenticate against the same Kerberos server.


Hm.  I wonder if that means you'll be able to use Samba as a full 
Active Directory server ... where AD allows you to do 
plain-text-password authentication, via LDAP, against your kerberos 
pass-phrase.  Makes it easier to integrate kerberos and applications 
that use an LDAP password (stored in LDAP, handled via ldap-compare, 
not via ldap-bind) for authentication.

That's completely off the topic of OpenAFS, but it might be useful here.