Today's Page Hits: 336
This page validates as XHTML 1.0, and will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device. It was created using techniques detailed at glish.com/css/.
Java_ES Direcory Server and Kerberos services
Active Directory (AD) offer LDAPV3 and use Kerberos to store the passwd.
Java_ES DS storae passwd inside the LDAP DIT tree and if you want to
use Kerbeors to store passwd then one need to write a preop
plugins to interact with KDC for authentication.
Many Usiversity use MIT Kerberos to store passwd, SUN EDU LOB did fund
a project for Univ user to write a plugin to service this purpose.
There are many contributed to this project: Michael Gettes, Jeremy Rumpf
duke Extension to krbdirp By Bob Carter
Many user prefer SUN come out with an official Plugins so one can use kerberos to store Passwd.
Original goal of funding this project is for SUN DS group
to see the demand of this plugins and may come out with an official one.
In DS 5.2 there is a feature and demonstration How one can use SASL to interaction with kerberos services.
The problems are , in order to use this feature, all the clients need to be modified and need to know SASL.
This is exactly what cyrus project provide.
So even through there is a SASL interface in DS5.2, but not very practical, because very few clients can take advantage this feature.
We have ask the DS PM to add this feature but the answer is " no business case".
IMHO, if AD provide this feature, and MSFT service 90% of PC users, This is good enough Business case
Posted at 03:26PM Jul 13, 2004 by hstsao in LDAP |