
Crazy idea - Hybrid Authentication



I am aware of the possibility that this is an SASL question rather than an OpenLDAP one. If this is the case, please kindly let me know.

Is it possible to set up OpenLDAP so that users can connect to OpenLDAP and be authenticated to Kerberos if such an account exists, but authenticated to plain text otherwise, only failing after being tried against both?

That is to say, if I am logging into LDAP as "gvldap", it should try gvldap@CORVU.COM on my Kerberos domain, but failing that, it would revert to checking the password using the userPassword attribute in my LDAP directory ("dn: uid=gvldap,dc=corvu,dc=com").

For those who are wondering what the heck I'm thinking... This is for a web site that is equally authenticated for customers and employees - and I don't want to Kerberize all of my customer accounts (as the value of this is not worth the time), but I do want to Kerberize my employee accounts - as these will be used for system access as well as Web site access.

Thank you,
Gary Allen Vollink