In article <[EMAIL PROTECTED]>, Mr J.A. Gilbertson <[EMAIL PROTECTED]> wrote:
> >And we had hoped this could be achieved without having to create a >duplication of all our user data into a Kerberos specific database, or >for Kerberos to require to add any data to our LDAP server since it's >basically read-only as it's populated from elsewhere. > >>From what I read of the Kerberos LDAP backend plugin, is that it can't >just be configured to look at our existing LDAP server and it's >associated structure when a user tries to login to something via >Kerberos, and use its own non-LDAP database for tickets and whatever >other information is needed. > You would have to write a whole bunch of code to make that work and sync'ing passwords/keys between the two systems would be even more work. Please don't take this the wrong way, but the fact that you're asking this question leads me to believe that you really don't understand the kerberos protocol at all. I'm not saying you need to know the bit fields on the wire to deploy it, but to use it successfully you really need to understand some basic details about what it can and can't do. _ Booker C. Bense ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
