[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cross-domain authentication

Hello all - 

I'm trying to implement a single sign on model for our
Windows/Linux/MacOS environment.  I would like to store all of our
password information in an LDAP database and have Windows clients
authenticate to Windows AD Domain Controller then use a cross domain
trust to check the Heimdal Kerberos server for authentication.  I
would like the Heimdal Kerberos server to store the password info in
LDAP so that I do not have to worry about replicating both Kerberos
and LDAP databases.  I read in the O'reilly Kerberos book that this
cross domain trust is possible.

Does anyone have experience/advice setting something like this up?
More importantly does anyone have experience using it in a production
environment?  Will I be able to use the Windows password changing
mechanism or will I have to do all password changes on the *nix side? 
What order do I compile the pieces in?  Do I need to have a working
LDAP implementation before I comiple Heimdal or do I build Heimdal
then LDAP and then init my Heimdal server?