[pubcookie-users] Pubcookie and AD
Konstantin Ryabitsev
icon at fedoraproject.org
Tue Feb 7 09:23:20 PST 2006
Hello, all:
McGill uses MS AD, so in my evaluation of various SSO products I have to
present everything from the point of view of "how well it works with
AD." I've successfully tested the Kerberos side of Pubcookie/AD, but
there is a bit of a non-technical issue for me to consider. McGill has
been trying to standardize on "first.last at mcgill.ca" as everyone's login
credentials, and Kerberos flavour of AuthN can't use these. Judging from
things I've found so far, I can configure Pubcookie to use the LDAP
flavour of AD for AuthN, but that seems like a far less solid solution
than Kerberos.
Does anyone have any pointers about the best ways to use Pubcookie with
AD, keeping in mind that preferably we have to stick to
"first.last at mcgill.ca + password" on our login forms? Is there a way to
do transparent pre-kerb translation of first.last into the Kerberos
principal name?
TIA!
Cheers,
--
Konstantin Ryabitsev
McGill University WSG
Book: "You don't fix faith, River. It fixes you."
--Episode #7, "Jaynestown"
More information about the pubcookie-users
mailing list