[Date Prev][Date Next] [Chronological] [Thread] [Top]

Crazy idea - Hybrid Authentication

I am aware of the possibility that this is an SASL question rather than an OpenLDAP one. If this is the case, please kindly let me know.

Is it possible to set up OpenLDAP so that users can connect to OpenLDAP and be authenticated to Kerberos if such an account exists, but authenticated to plain text otherwise? Only failing after being tried against both.

That is to say if I am logging into LDAP as "gvldap" that it should try gvldap@CORVU.COM on my Kerberos domain, but failing that it would revert to checking the password using the userPassword attribute in my LDAP directory. "dn: uid=gvldap,dc=corvu,dc=com"

For those whom are wondering what the heck I'm thinking... This is for a web site that is equally authenticated for customers and employees - and I don't want to Kerberize all of my customer accounts (as the value of this is not worth the time), but I do want to Kerberize my employee accounts - as these will be used for system access as well as Web site access.

Thank you,
Gary Allen Vollink