Thread-topic: Kerberos authentication with dsDoDirNodeAuth ?
User-agent: Microsoft-Entourage/10.1.0.2418
I don't think it is possible to use your TGT to do a dsDoDirNodeAuth with
the LDAP plug-in. It sounds like you would need to do this to make it work
seamlessly. You might look at the LDAP plug-in source code though to make
sure there isn't some special way that it handles dsDoDirNodeAuth.
> From: Nigel Kersten <email@hidden>
> Date: Wed, 1 Mar 2006 05:23:43 +1100
> To: Paul Nelson <email@hidden>
> Cc: <email@hidden>
> Subject: Re: Kerberos authentication with dsDoDirNodeAuth ?
>
>
> On 01/03/2006, at 1:19 AM, Paul Nelson wrote:
>
>> It would help if you can tell us why you are doing the
>> dsDoDirNodeAuth.
>
> Because I want to authenticate to the node? :)
>
> I'm using in-directory ACLs to allow network account users to edit
> their own Contqct info, and would like to take advantage of the fact
> that all my users have Kerberos identities.
>
>> What directory service node are you trying to authenticate with?
>
> A vanilla Open Directory Master LDAP node.
>
>> Does the user already have a Kerberos ticket granting ticket in
>> their cache?
>> You can check for the TGT using 'klist'.
>
> Yes, I know. Irrespective of whether the user currently has a TGT or
> not, I can't work out how to this, or whether it's even possible in
> the DirectoryService API.
>
> Thanks,
>
> Nigel
>
>
> --
> Nigel Kersten [Senior Technical Officer]
> College of Fine Arts, University of NSW, Australia.
> CRICOS Provider Code: 00098G
>
>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-dev/email@hidden
This email sent to email@hidden
