On 19/08/2010 01:04, Bram Cymet wrote:
> Hi,
>
> I am working on using Kerberos and LDAP together. Replacing the kdb with
> LDAP seems simple enough.

I guess you're speaking of the KDC, and I don't know why you would like to replace the KDC with the LDAP server.

> What I am wondering is: is it possible to send
> back Authorization details from LDAP with the Kerberos ticket or do
> Applications have to talk directly to LDAP to get the user's
> Authorization details?

Kerberos is an authentication protocol only, except in the Microsoft world. It can only tell you "this is an authenticated user". If you want to apply user-based, or group-based, authorizations to an application, you have to use a suitable backend, such as an LDAP server. And there are really few applications able to authenticate in one place, and authorize from another. The only ones I know are Apache, PAM and Radius because you configure the whole authentication/authorization stack.

-- 
BOFH excuse #53: Little hamster in running wheel had coronary; waiting for replacement to be Fedexed from Wyoming
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
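
The split described in the reply above, as an added example that is not part of the original message: an Apache httpd configuration that authenticates with Kerberos and authorizes from an LDAP group. It assumes mod_auth_kerb and mod_authnz_ldap are loaded; the realm, host names, keytab path, DNs and the /secure location are constructed placeholders.

```apache
# Constructed example: Kerberos answers "who is this?", LDAP answers "may they?".
<Location /secure>
    # --- Authentication: Kerberos (mod_auth_kerb) ---
    AuthType Kerberos
    AuthName "Kerberos login"
    KrbAuthRealms EXAMPLE.COM
    # Keytab holding the HTTP/<fqdn>@EXAMPLE.COM service key (placeholder path);
    # it should be readable only by the httpd user.
    Krb5KeyTab /etc/httpd/conf/http.keytab
    # Accept SPNEGO tickets only; do not fall back to collecting the
    # Kerberos password over HTTP Basic.
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    # Strip "@EXAMPLE.COM" so the name handed to LDAP is the bare uid.
    KrbLocalUserMapping On

    # --- Authorization: LDAP (mod_authnz_ldap) ---
    # Used only to map the authenticated uid to a DN and test group membership;
    # no password is checked against LDAP.
    AuthLDAPURL "ldaps://ldap.example.com/ou=People,dc=example,dc=com?uid?sub"
    # Without a matching Require line, any principal in the realm would be
    # let in: authenticated is not the same as authorized.
    Require ldap-group cn=webusers,ou=Groups,dc=example,dc=com
</Location>
```

If the directory does not allow anonymous searches, AuthLDAPBindDN and AuthLDAPBindPassword are also needed so the group lookup can run.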
