Kerberos for auth through (not to) slapd



I'd like to store passwords in Kerberos and all the rest in LDAP.
Some applications I need (notably qmail-ldap) only authenticate users
to LDAP through simple binds, so I'd like slapd to transparently query
Kerberos to decide if a bind is allowed or not.  In other words,
qmail-ldap asks slapd if a user/pw authenticates, slapd asks Kerberos
in turn, slapd tells qmail-ldap.

I managed to do this with sasldb2 using a `{sasl}username' value for
the userPassword attribute: other than slapd querying /etc/sasldb2,
everything works as planned.  What incantation is needed in place of
{sasl} to have slapd query Kerberos instead?

(Stock .debs for Cyrus SASL 2.1.18, OpenLDAP 2.1.30, MIT Kerberos V
1.3.4)

Massimiliano