Re: authenticate user via ldap bind

<mailman.88.1692391494.1964.kerberos@mit.edu>

From: hedrick@rutgers.edu (Charles Hedrick)
Newsgroups: comp.protocols.kerberos
Subject: Re: authenticate user via ldap bind
Date: Fri, 18 Aug 2023 20:44:45 +0000
 by: Charles Hedrick - Fri, 18 Aug 2023 20:44 UTC

FreeIPA (and presumably MIT Kerberos) has the ability to delegate password checking to RADIUS. This is intended to support two-factor authentication, but it doesn't have to use two factors. So in principle you could use that and not have separate copies of the password in your Kerberos. I've tested this but not used it in production. I wanted to be able (if necessary) to use our campus passwords for our users, so they don't need separate passwords in our departmental Kerberos system.

At least in FreeIPA, the authentication technology used is a user attribute. So you could use native Kerberos, possibly with the native two-factor support, for some users and pass the others to a RADIUS server. You can also have more than one RADIUS server, for different users.

________________________________
From: Kerberos <kerberos-bounces@mit.edu> on behalf of John Alex. via Kerberos <kerberos@mit.edu>
Sent: Monday, May 29, 2023 5:38 AM
To: kerberos@mit.edu <kerberos@mit.edu>
Subject: authenticate user via ldap bind

Hi list,

recently the need arose in our institution to set up a Kerberos infrastructure so that
users can log in on Windows machines using their institutional credentials. From what I
remember though from an MIT KDC deployment I did many years ago, I had to have the user
passwords in cleartext in order to create the Kerberos principals.

In this instance, user passwords are stored in our LDAP server (OpenLDAP), hashed. All our
services currently validate user credentials by attempting an LDAP bind either directly or
via another protocol implementation (Shibboleth IdP, FreeRADIUS, Keycloak etc).

So my question is, is there a way to implement Kerberos without knowledge of the plaintext
passwords, or do we have to somehow capture the credentials during users' login to other
services and then sync them to the KDC db?

Thanks,
John
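
Added example, not part of either message above: a dry-run sketch of the per-user arrangement described in the reply, where some FreeIPA users keep native authentication and others are passed to one of several RADIUS servers. It only prints `ipa` commands for review; the proxy names, hosts, user names and the `user:authtype:proxy` mapping format are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan per-user authentication types in FreeIPA (dry run).
# Nothing here contacts an IPA server; commands are printed for review.

# Print the command that registers a RADIUS proxy. The shared secret is
# left off the command line; ipa prompts for it when run interactively.
plan_proxy() {  # $1 = proxy name, $2 = RADIUS server host (both constructed)
    printf 'ipa radiusproxy-add %s --server=%s\n' "$1" "$2"
}

# Print the command that sets one user's authentication type.
# $1 = user, $2 = password|otp|radius, $3 = proxy name (radius only)
plan_user() {
    case "$2" in
        radius)
            # A radius user with no proxy assigned cannot authenticate.
            [ -n "$3" ] || { echo "error: $1: radius needs a proxy" >&2; return 1; }
            printf 'ipa user-mod %s --user-auth-type=radius --radius=%s\n' "$1" "$3"
            ;;
        password|otp)
            # Native Kerberos password, or native two-factor (otp).
            printf 'ipa user-mod %s --user-auth-type=%s\n' "$1" "$2"
            ;;
        *)
            echo "error: $1: unknown auth type '$2'" >&2; return 1
            ;;
    esac
}

# Constructed sample mapping, one user per line: user:authtype:proxy
SAMPLE_USERS='alice:radius:campus-radius
bob:otp:
carol:radius:guest-radius'

# Walk the mapping and print one command per user; stop on the first bad row.
plan_all() {
    printf '%s\n' "$SAMPLE_USERS" | while IFS=: read -r user type proxy; do
        plan_user "$user" "$type" "$proxy" || exit 1
    done
}

plan_proxy campus-radius radius.campus.example
plan_proxy guest-radius radius.guest.example
plan_all
```
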