This isn't supported in the current code.Hmm... What I'm trying to accomplish here is a configuration where users authenticate to the ldap server with username/password (no kerberos ticket) and their password is checked from kerberos. Is this possible to do with the standard plugins? I've had a hard time trying to figure out how to do this... =) The idea in this is that we'd like to have a single service for authenticating users, even for services that do not support kerberos. Sounds good. First you'd need to figure out how to perform a proxied authentiationIf it's not possible, I'll look into writing a plugin that does this. against kerberos. With the existing SASL/GSSAPI mechanism we don't need to do that because we're simply passing through the authentication payload between GSSAPI and the client. Presumably you'd need to do whatever 'kinit' does, but inside the DS. |
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
