Greetings, I was wondering how one might link a Linux
MIT Kerberos with a Windows 2003 Active Directory to achieve the following:
A user,
[email protected], attempts to log in at an Apache website, which runs on the same server as the Linux
MIT Kerberos.
The Apache module first asks the local Linux
MIT Kerberos if he knows a user by that name or realm.
The
MIT Kerberos finds out it isn't responsible for that realm, and forwards the request to the Windows 2003 Active Directory.
The Windows 2003 Active Directory replies positively and gives this information to the Linux
MIT Kerberos, which in turn tells this to the Apache module, which grants the user access to its files.
Here is an image of the situation: http://img179.imageshack.us/img179/5092/linux2k3.png (I'm not allowed to embed images just yet.)
The documentation I have read concerning this issue often differ from this problem:
Some discuss linking up a
MIT Kerberos with an Active Directory to gain access to resources on the Active Directory server;
While another uses the link to authenticate Windows users to the
MIT Kerberos through the Windows 2003 Active Directory. (My problem is the other way around.)
So what my question boils down to, is this:
Is it possible to have a Linux
MIT Kerberos server pass through requests for a Active Directory realm, and then have it receive the reply and give it to the requesting service? (Although it's not a problem if the requesting service and the Windows 2003 Active Directory communicate directly.)
Suggestions and constructive criticism are greatly appreciated. :)
