[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hello all -
I'm trying to implement a single sign on model for our
Windows/Linux/MacOS environment. I would like to store all of our
password information in an LDAP database and have Windows clients
authenticate to Windows AD Domain Controller then use a cross domain
trust to check the Heimdal Kerberos server for authentication. I
would like the Heimdal Kerberos server to store the password info in
LDAP so that I do not have to worry about replicating both Kerberos
and LDAP databases. I read in the O'reilly Kerberos book that this
cross domain trust is possible.
Does anyone have experience/advice setting something like this up?
More importantly does anyone have experience using it in a production
environment? Will I be able to use the Windows password changing
mechanism or will I have to do all password changes on the *nix side?
What order do I compile the pieces in? Do I need to have a working
LDAP implementation before I comiple Heimdal or do I build Heimdal
then LDAP and then init my Heimdal server?