Hi Vegard,
I'll admit, I'm not as familiar with Kerberos myself. But, DSpace does
not come with a Keberos authentication plugin. Therefore, DSpace does
not support Kerberos out-of-the-box. Here's the authentication plugins
which are provided:
https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins
If you are willing to do some Java programming (or have someone onsite),
it may be possible for you to build a custom Kerberos authentication
plugin for DSpace (by implementing a new
org.dspace.authenticate.AuthenticationMethod). I'd recommend looking
at some of the existing Authentication plugins as examples:
https://github.com/DSpace/DSpace/tree/master/dspace-api/src/main/java/org/dspace/authenticate
It's also possible someone else has found a way to use DSpace with
Kerberos. If so, hopefully they'll speak up and share their code and/or
experiences in doing so.
- Tim
On 5/11/2015 9:16 AM, Vegard Korvald wrote:
Anyone? I would be really greatful if someone could help me resolve this
issue.
I can shorten the question:
Is it possible to authenticate with Kerberos and still autoregister epersons
into groups? The best solution for us would be to use unix filegroups to see
which eperson belongs to which group.
--
Vegard
-Original Message-
From: Vegard Korvald
Sent: Wednesday, April 29, 2015 4:57 PM
To: dspace-tech@lists.sourceforge.net
Subject: Kerberos and filegroups
Hello,
We're considering using DSpace for our researchers who work with videos and
other data. We'll mainly use DSpace as a frontend for metadata in the
database. I have a couple of questions.
1. Is it possible to authenticate with Kerberos? If so, is it also possible
to
autoregister a user in a group on the first logon based on unix filegroups
or AD?
I know that it's possible with LDAP authentication and AD, but we can't use
LDAP as authentication for AD, only Kerberos. The best option for us would be
to authenticate with Kerberos and autoregister users in groups by using unix
filegroups. All users will not be in the same group and one user might be a
member of several groups. Is this possible?
2. I want the files in DSpace to be useable by other software as well. For
example a video in DSpace should not have to be downloaded before the
user can analyze it with a software. DSpace will only be used as a frontend
to
the database for metadata purposes and we don't want to store the files as a
38-digit internal ID, unless we have to. We want the users to be able to see
the same files on disk as they see in dspace. This means that the dspace
groups and the filegroups has to be the same. I've looked at Registering
Bitstreams via Simple Archive Format and if I understand it correctly it
might
be a solution. It's very important that these files are not available for
everyone on disk. The dspace user should be the owner of the file, and a
filegroup should give some users access to the file on disk for analyzing.
Typically the dspace groups should correspond with the filegroups. Is this
doable with DSpace?
Please let me know if I need to clarify anything.
--
Vegard
--
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette:
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
--
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
