Hi all, I'm experiencing some problem between authentication and authorization through Kerberos and LDAP. This is my situation: I can authenticate on LDAP through the option -Y GSSAPI after having obtained a valid TGT from the KDC. I have some questions:
Is it possible to authenticate via Kerberos on LDAP without obtaining prior a ticket (i.e. when i have to authenticate to the LDAP i want that username/password was asked and then these username/password allow to obtain the ticket from Kerberos). I'm asking this because i want that this new mechanism be invisible from a user point of view. Are there some solution to this problem or I need to implement by myself a customized client that communicate with kerberos and then with the ticket to LDAP^??? Another question is about how to map authentication to authorization in LDAP. The example found was very simple with a flat LDAP, I'm in an hard situation, with an extremely non-regular LDAP tree, how to find the correct mapping to the correct identity??? Thanks in advance, Andrea ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
