Re: using xp credentials for ldap authentication
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Aug 2008 11:22:06 -0500
I also recommend hiring Dave's company to help with this if need be. :)
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"DaveMo" <david.mowers@xxxxxxxxx> wrote in message
news:fdb10e65-6054-4ad0-9bdb-5ae05e9eb4b9@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 6, 10:53 pm, Michel777 <Michel...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
The very last question: is there any tutorials, examples how to do it ?
especially how to get the ticket from xp and how to handle with it ?
"Joe Kaplan" wrote:
The solution Brian suggested, using Kerberos, is available on either
platform. It just depends on having code available to support Kerberos.
There are plenty of options in .NET and other APIs. There are also Java
Kerb stacks that can do this.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Michel777" <Michel...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F1784FF6-2BC5-4911-AEA3-3D9E26A86936@xxxxxxxxxxxxxxxx
P.S: would be there a solution / workaround if the server would be
running
on
windows server ?
"Michel777" wrote:
Dear Joe and Brian,
thanks a lot for your fast responses !
Warm regards,
Michel
"Joe Kaplan" wrote:
Ok, so what you want to do is pass something other than the
plaintext
password into this method and have the server use that data to
authenticate
against AD? The answer is no, especially if you plan to use LDAP as
the
authentication mechanism. All the supported LDAP auth mechanisms
require
plaintext creds.
What you really want is what Brian Komar suggested (Kerberos), but
it
would
need to be modified to support that.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Michel777" <Michel...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:51B8CB04-3D70-483A-94E2-F7395E68083C@xxxxxxxxxxxxxxxx
There is an API using own authetication. Written in java or .NET
(depending
on wich operating system the server runs). The product is
MobiLink
Server:
"Create a class called MobiLinkAuth using Java or .NET.
The MobiLinkAuth class includes the authenticateUser method used
for
the
authenticate_user synchronization event. The authenticate_user
event
provides
parameters for the user and password. You return the
authentication
result
in
the authentication_status inout parameter."
import ianywhere.ml.script.*;
public class MobiLinkAuth
{
public void authenticateUser (
ianywhere.ml.script.InOutInteger authentication_status,
String user,
String pwd,
String newPwd )
{
// to do...
}
}
"Joe Kaplan" wrote:
What authentication protocol(s) does the server application
support?
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Michel777" <Michel...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:D6561EFB-0698-4D88-BE83-84D04407D59F@xxxxxxxxxxxxxxxx
Scenario:
the windows xp user has autheticated againts a nt-domain
(active
diectory)
with credentials xpuser / xppassword. a java application
running
on
this
xp
box will access a server application located on unix. this
server
wants
authenticate the xpuser againts active directory.
Question:
is it possible to use the xppasword (cached in hash form in
the
registry)
for that authenticateion ? If not is there any other way to
avoid
requiring
to type the password (xppasword) by xpuser ?- Hide quoted
text -
- Show quoted text -
At the application layer, you wouldn't normally use Kerberos directly
to perform client/server authentication. On Windows an application
typically uses SSPI or one of the higher level transport mechanisms
(LDAP/SMB/HTTP) which in turn use SSPI. On UNIX/Linux you would use
GSS-API.
You can search on these terms and find plenty of samples.
HTH,
Dave
.
- References:
- using xp credentials for ldap authentication
- From: Michel777
- Re: using xp credentials for ldap authentication
- From: Joe Kaplan
- Re: using xp credentials for ldap authentication
- From: Michel777
- Re: using xp credentials for ldap authentication
- From: Joe Kaplan
- Re: using xp credentials for ldap authentication
- From: Michel777
- Re: using xp credentials for ldap authentication
- From: Michel777
- Re: using xp credentials for ldap authentication
- From: Joe Kaplan
- Re: using xp credentials for ldap authentication
- From: Michel777
- Re: using xp credentials for ldap authentication
- From: DaveMo
- using xp credentials for ldap authentication
- Prev by Date: Re: using xp credentials for ldap authentication
- Next by Date: Domain Trusts - File Sharing
- Previous by thread: Re: using xp credentials for ldap authentication
- Next by thread: Domain Trusts - File Sharing
- Index(es):
Relevant Pages
|
