Greetings, I was wondering how one might link a Linux MIT Kerberos with a Windows
2003 Active Directory to achieve the following:
A user,
[email protected], attempts to log in at an Apache website, which runs on the same server as the Linux MIT Kerberos.
The Apache module first asks the local Linux MIT Kerberos if he knows a user by that name or realm.
The MIT Kerberos finds out it isn't responsible for that realm, and forwards the request to the Windows
2003 Active Directory.
The Windows
2003 Active Directory replies positively and gives this information to the Linux MIT Kerberos, which in turn tells this to the Apache module, which grants the user
access to its files.
Here is an image of the situation: http://img179.imageshack.us/img179/5092/linux2k3.png (I'm not allowed to embed images just yet.)
The documentation I have read concerning this issue often differ from this problem:
Some discuss linking up a MIT Kerberos with an Active Directory to gain
access to resources on the Active Directory server;
While another uses the link to authenticate Windows users to the MIT Kerberos through the Windows
2003 Active Directory. (My problem is the other way around.)
So what my question boils down to, is this:
Is it possible to have a Linux MIT Kerberos server pass through requests for a Active Directory realm, and then have it receive the reply and give it to the requesting service? (Although it's not a problem if the requesting service and the Windows
2003 Active Directory communicate directly.)
Suggestions and constructive criticism are greatly appreciated. :)