[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: windows authentication & openldap: explanation.

>It looks possible to replace ADS with OpenLDAP + Kerberos + very recent
>BIND + lots of private Microsoft schema definitions for which there is, so
>far as I know, no description which is both public and machine-readable.
>(And the human-readable spec. appears to be incorrect in some areas.)

There a number of key components that are not available yet in the
open source realm, such as SPNEGO, back-links, PAC signing, etc. We
have made some progress on this front, and independently the SAMBA
team are making great progress too. But it's a long way from ready.

>It just takes a loooong time to wrap up all the little pieces and make
>them play together nicely.  Someone will do it eventually.


-- Luke

Luke Howard | lukehoward.com
PADL Software | www.padl.com