Re: Authenticating to Kerberos



David wrote:
>
> Are there any modules that I could use to authenticate against Kerberos
> (perhaps there is another module that will do just the auth, e.g. for LDAP?).

If you already have a TGT (after kinit) you can use python-ldap (built
with OpenLDAP, cyrus-sasl and heimdal or MIT libs) to authenticate
against an LDAP server with SASL bind and SASL mech GSSAPI. But that's
probably not what you're after.

If you provide more information about your KDC and infrastructure there
might be a solution:
With some tightly integrated configurations an LDAP simple bind against
an LDAP server checks the same "password" as the Kerberos Domain
Controller (e.g. MS AD or heimdal KDC with OpenLDAP backend).

Ciao, Michael.

--
Michael Ströder
E-Mail: michael@xxxxxxxxxxxx
http://www.stroeder.com
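
The two bind styles mentioned in the reply above, as an added example that is not part of the original post. It assumes python-ldap is installed; the server URI and bind DN are placeholders supplied by the caller. The empty-password check is there because a simple bind with an empty password is an unauthenticated bind (RFC 4513) that a server may accept, so it must never count as a successful password check.

```python
"""Constructed example: SASL/GSSAPI bind and simple-bind password check with python-ldap."""


def gssapi_bind(uri):
    """Bind with SASL mech GSSAPI using the TGT already in the ccache (after kinit)."""
    import ldap
    import ldap.sasl

    conn = ldap.initialize(uri)
    # Empty bind DN: the identity comes from the Kerberos ticket, not from a DN.
    conn.sasl_interactive_bind_s("", ldap.sasl.gssapi())
    return conn  # conn.whoami_s() shows the identity the server mapped the ticket to


def check_password(uri, bind_dn, password):
    """Return True only if an authenticated LDAP simple bind succeeds.

    Only meaningful where the directory checks the same password as the KDC.
    """
    # A simple bind sends the password itself, so insist on a TLS-protected URI.
    if not uri.lower().startswith("ldaps://"):
        raise ValueError("simple bind requires ldaps:// so the password is not sent in clear")
    # Empty DN or password would be an anonymous/unauthenticated bind: reject locally.
    if not bind_dn or not password:
        return False

    import ldap

    conn = ldap.initialize(uri)
    # Require a valid server certificate; NEWCTX must be set last to apply TLS options.
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
    try:
        conn.simple_bind_s(bind_dn, password)
        return True
    except ldap.INVALID_CREDENTIALS:
        return False
    finally:
        conn.unbind_s()
```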