Greetings, I was wondering how one might link a Linux MIT Kerberos with a Windows 2003 Active Directory to achieve the following:
A user, [email protected], attempts to log in at an Apache website, which runs on the same server as the Linux MIT Kerberos.
The Apache module first asks the local Linux MIT Kerberos if it knows a user by that name or realm.
The MIT Kerberos finds out it isn't responsible for that realm, and forwards the request to the Windows 2003 Active Directory.
The Windows 2003 Active Directory replies positively and gives this information to the Linux MIT Kerberos, which in turn tells this to the Apache module, which grants the user access to its files.
Here is an image of the situation: http://img179.imageshack.us/img179/5092/linux2k3.png (I'm not allowed to embed images just yet.)
The documentation I have read concerning this issue often differs from this problem:
Some discuss linking up an MIT Kerberos with an Active Directory to gain access to resources on the Active Directory server;
While another uses the link to authenticate Windows users to the MIT Kerberos through the Windows 2003 Active Directory. (My problem is the other way around.)
So what my question boils down to, is this:
Is it possible to have a Linux MIT Kerberos server pass through requests for an Active Directory realm, and then have it receive the reply and give it to the requesting service? (Although it's not a problem if the requesting service and the Windows 2003 Active Directory communicate directly.)
Suggestions and constructive criticism are greatly appreciated. :)