--On Friday, December 09, 2005 3:28 PM +1300 Gerry Smyth <[EMAIL PROTECTED]> wrote:
Hi Daniel,

One thought could be to use Kerberos V for authentication and use LDAP for authorisation tied in with pam (all on Linux of course). Your web application, say, assuming PHP is used, would call the pam_auth module, which interrogates Kerberos. In this way, your web app is loosely coupled from the back-end of LDAP / Kerberos (although you may need to write an interface program to facilitate). Nevertheless, it would be worth the effort as you would be using the 'facade' design pattern and other web apps could be used alongside.

No need to write an interface program for that, Stanford already wrote an open-source solution that uses SASL/GSSAPI with Apache to access an LDAP V3 server for authorization.

<http://webauth.stanford.edu>

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html