directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: ADS for Single Sign On
Date Thu, 29 Oct 2009 21:13:35 GMT
Hi Andrew,

Andrew Wiley wrote:
> I'm wondering if Apache Directory Server would be suitable for use in a
> Linux-based single sign on environment using both Kerberos and LDAP. It
> looks like this server would be much easier to deploy and maintain than the
> traditional OpenLDAP + Kerberos setup, which would make my life easier.
> The deployment would be part of a project I'm doing as part of my high
> school senior year independent study project, where I'm exploring/developing
> a Linux equivalent of Windows Domains, so I'm not incredibly worried about
> production testing.

Yes, in principle that should be possible. But I can't recommend to use
it for production.

I used and fixed the KDC server some month ago. I was able to setup the
KDC, to obtain a TGT using kinit and to obtain a service ticket to
access the LDAP server using GSSAPI from ldapsearch command line. I also
implemented GSSAPI authentication in Studio and used the ApacheDS KDC
for testing.

The latest dokumentation I wrote is [1]. But I have to warn you about
other documentation: either it is missing or outdated.

It would be nice if you want to use it for testing purpose and if you
could give feedback or even better if you could provide patches and
documentation.

Kind Regards,
Stefan


[1]http://directory.apache.org/apacheds/1.5/543-kerberos-in-apacheds-155.html


Mime
View raw message