cross-domain authentication
Hello all -
I'm trying to implement a single sign on model for our
Windows/Linux/MacOS environment. I would like to store all of our
password information in an LDAP database and have Windows clients
authenticate to Windows AD Domain Controller then use a cross domain
trust to check the Heimdal Kerberos server for authentication. I
would like the Heimdal Kerberos server to store the password info in
LDAP so that I do not have to worry about replicating both Kerberos
and LDAP databases. I read in the O'Reilly Kerberos book that this
cross domain trust is possible.
Does anyone have experience/advice setting something like this up?
More importantly does anyone have experience using it in a production
environment? Will I be able to use the Windows password changing
mechanism or will I have to do all password changes on the *nix side?
What order do I compile the pieces in? Do I need to have a working
LDAP implementation before I compile Heimdal or do I build Heimdal
then LDAP and then init my Heimdal server?
Thanks
Seth