LDAP support for iRODS
Pauline Mak
Is anyone else interested in using LDAP for authentication, or would
like to see this implemented?
On a related question - is Kerberos likely going to work with GSI in the
near future?
Thanks!
-Pauline.
--
Pauline Mak
Assistant Manager, ARCS Data Services
Ph: +61 3 6226 7518
Mob: +61 411 638 196
Email: pauli...@arcs.org.au
Jabber: pauli...@arcs.org.au
Calendar: http://tinyurl.com/pmak-arcs-calendar
http://www.arcs.org.au/
TPAC
Email: pauli...@utas.edu.au
http://www.tpac.org.au/
alan...@gmx.de
Hello Pauline,
we'll appreciate, if LDAP authentication is being implemented with iRODS.
Best regards
Andreas
On Thu, 22 Oct 2009, Pauline Mak <pauli...@arcs.org.au> wrote:
> Is anyone else interested in using LDAP for authentication, or would
> like to see this implemented?
>
> On a related question - is Kerberos likely going to work with GSI in the
> near future?
>
> Thanks!
>
> -Pauline.
>
>
--
Andreas Landhäußer +49 151 12133027 (mobile)
alan...@gmx.de
Roger Downing
I had Kerberos and GSI working at the same time in iRODS 2.1. I can send you the patch if you like? It creates an object that wraps around the Kerberos shared library and then modifies the function names used by iRODS so that they do not clash with the same ones from Globus (the functions in question are the GSSAPI ones). I've not tested the patch in iRODS 2.2 but its pretty simple and the only likely modifications you'd have to make will be to do with changes to the layout of Makefiles etc.
Rog
schr...@diceresearch.org
It looks like there are a few sites interested in running Kerberos and
GSI at the same time, so I'll try to integrate Roger's extensions for
that for the next release (thanks Roger). I've updated our RoadMap page
to reflect this.
For LDAP support, there seem to be a couple of sites interested and I
expect we may be able to support that someday, but I don't think we will
have time to add it for the next release. A number of projects that
have come up recently fall into my areas, and I believe my time is now
over-booked (see the ICAT and authentication projects on the RoadMap).
But if someone could provide me with example 'C' code that handles the
LDAP authentication, client and server, that would build and run on our
supported platforms, that would help.
Thanks,
- Wayne -
Pauline Mak
schr...@diceresearch.org wrote:
> Folks,
>
> It looks like there are a few sites interested in running Kerberos and
> GSI at the same time, so I'll try to integrate Roger's extensions for
> that for the next release (thanks Roger). I've updated our RoadMap page
> to reflect this.
>
That's great news :) I'm wrestling with whether to go down the path of
supporting LDAP or whether to stay with Kerberos right now... It has a
huge implication for our entire authentication infrastructure, not just
for iRODS alone, but also other applications we support too.
> For LDAP support, there seem to be a couple of sites interested and I
> expect we may be able to support that someday, but I don't think we will
> have time to add it for the next release. A number of projects that
> have come up recently fall into my areas, and I believe my time is now
> over-booked (see the ICAT and authentication projects on the RoadMap).
> But if someone could provide me with example 'C' code that handles the
> LDAP authentication, client and server, that would build and run on our
> supported platforms, that would help.
>
Yeap - no dramas. Thanks for all the fantastic work thus far!
Unfortunately, we don't have the resource either... :/
One option is to use PAM, which would make authentication extensible
(while maintain the Kerberos support) I'm not sure what the status is
for Windows is though (there's pGINA), but it's certainly well supported
by Linux and Macs.
Cheers,