Linking Linux MIT Kerberos with a Windows 2003 Active Directory

Posted by Beerdude26 on Server Fault
Published on 2010-05-15T02:53:14Z Indexed on 2010/05/15 2:55 UTC

Greetings, I was wondering how one might link a Linux MIT Kerberos with a Windows 2003 Active Directory to achieve the following:

  1. A user, [email protected], attempts to log in at an Apache website, which runs on the same server as the Linux MIT Kerberos.

  2. The Apache module first asks the local Linux MIT Kerberos if he knows a user by that name or realm.

  3. The MIT Kerberos finds out it isn't responsible for that realm, and forwards the request to the Windows 2003 Active Directory.

  4. The Windows 2003 Active Directory replies positively and gives this information to the Linux MIT Kerberos, which in turn tells this to the Apache module, which grants the user access to its files.

Here is an image of the situation: http://img179.imageshack.us/img179/5092/linux2k3.png (I'm not allowed to embed images just yet.)

The documentation I have read concerning this issue often differs from this problem:

  • Some discuss linking up a MIT Kerberos with an Active Directory to gain access to resources on the Active Directory server;

  • While another uses the link to authenticate Windows users to the MIT Kerberos through the Windows 2003 Active Directory. (My problem is the other way around.)

So what my question boils down to, is this:

Is it possible to have a Linux MIT Kerberos server pass through requests for an Active Directory realm, and then have it receive the reply and give it to the requesting service? (Although it's not a problem if the requesting service and the Windows 2003 Active Directory communicate directly.)

Suggestions and constructive criticism are greatly appreciated. :)
