CHAPTER 1
Concepts
Local Cached User Authentication
Local Cached User authentication is used for mobile home directories. The authority data field must be present. Its format is
DS Nodename:DS Recordname:DS GUID
where the colon (:) character delimits the three individual strings. All three strings are required. The first string is any valid node name in
If the authority data field is absent or malformed, the authentication authority attribute value must be ignored and must result in failure to authenticate any client that attempts authentication using it. No other authentication type can be combined with this authentication type.
Here are some examples of properly formed authentication authority attribute values for Local Cached User authentication:
Kerberos Version 5 Authentication
For Kerberos Version 5 authentication, the authority data field is formatted as follows:
[UID];[user principal (with realm)];realm;[realm public key]
The optional
The optional user principal is the user principal for this user within the Kerberos system. If the user principal is not present, the user name and the realm are used to generate the principal name (user@REALM). This allows a fixed authentication authority value to be set up and applied to all user records in a database.
The required realm is the name of the Kerberos realm to which the user belongs.
The optional realm public key may be used to authenticate the KDC in a future release.
The following example yields a user principal of kerbdude@LDAP.EXAMPLE.COM:
;Kerberosv5;;Kerberosv5;0x3f71f7ed60eb4a19000003dd000003dd;kerbdude@LDAP.EXAMPLE.COM;LDAP.EXAMPLE.COM;1024 35 148426325667675065063924525312889134704829593528054246269765042088452509603776033113420195398827648618077455647972657589218029049259485673725023256091629016867281927895944614676546798044528623395270269558999209123531180552515499039496134710921013272317922619159540456184957773705432987195533509824866907128303 root@ldap.example.com
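The following validator is an added example, not Apple's code, covering both authority data formats described in this chapter: the three-string colon-delimited Local Cached User data and the four-field Kerberos Version 5 data, including the derived user@REALM principal, the fail-closed handling of absent or malformed values, and the rule that Local Cached User cannot be combined with any other type. The `;Type;data` envelope is taken from the Kerberos example above; the tag name `LocalCachedUser` is assumed (it is the tag Open Directory uses for this type, but this chapter's own examples for it are missing). All sample values are constructed.

```python
# Validator for Open Directory AuthenticationAuthority values (added example,
# not Apple's code). The ';Type;data' envelope follows the Kerberosv5 example
# on the page; the tag "LocalCachedUser" is ASSUMED.
from dataclasses import dataclass
from typing import List, Optional, Union


class AuthAuthorityError(ValueError):
    """An authentication authority value is absent or malformed."""


@dataclass
class LocalCachedUser:
    node_name: str    # DS node name, e.g. "/LDAPv3/ldap.example.com"
    record_name: str  # DS record name of the cached user
    guid: str         # DS GUID of the cached user


@dataclass
class Kerberosv5:
    realm: str
    principal: str                          # explicit, or derived as user@REALM
    uid: Optional[str] = None               # optional UID field
    realm_public_key: Optional[str] = None  # optional; reserved for KDC auth


@dataclass
class UnparsedAuthority:
    """Any type this chapter does not describe; kept verbatim for the caller."""
    tag: str
    data: str


def split_authority(value: str):
    """Split ';Tag;data' into (tag, data); the leading ';' yields an empty part."""
    parts = value.split(";", 2)
    if len(parts) != 3 or parts[0] != "" or not parts[1]:
        raise AuthAuthorityError(f"not a ';Type;data' value: {value!r}")
    return parts[1], parts[2]


def parse_local_cached_user(data: str) -> LocalCachedUser:
    """'DS Nodename:DS Recordname:DS GUID' - all three strings are required."""
    fields = data.split(":")
    if len(fields) != 3 or not all(fields):
        raise AuthAuthorityError(
            "LocalCachedUser data must be exactly three non-empty ':' strings")
    return LocalCachedUser(*fields)


def parse_kerberosv5(data: str, user_name: str) -> Kerberosv5:
    """'[UID];[user principal];realm;[realm public key]'; only realm is required.

    A missing principal is derived from the record's user name as user@REALM.
    """
    fields = data.split(";")
    if len(fields) != 4:
        raise AuthAuthorityError("Kerberosv5 data must have four ';' fields")
    uid, principal, realm, public_key = fields
    if not realm:
        raise AuthAuthorityError("Kerberosv5 realm is required")
    if not principal:
        if not user_name:
            raise AuthAuthorityError("no principal and no user name to derive one")
        principal = f"{user_name}@{realm}"
    return Kerberosv5(realm=realm, principal=principal,
                      uid=uid or None, realm_public_key=public_key or None)


Authority = Union[LocalCachedUser, Kerberosv5, UnparsedAuthority]


def parse_record_authorities(values: List[str], user_name: str) -> List[Authority]:
    """Parse every AuthenticationAuthority value on one user record.

    Raises AuthAuthorityError if the attribute is absent, any value is
    malformed, or LocalCachedUser is combined with another type.
    """
    if not values:
        raise AuthAuthorityError("AuthenticationAuthority attribute is absent")
    parsed: List[Authority] = []
    for value in values:
        tag, data = split_authority(value)
        if tag == "LocalCachedUser":
            parsed.append(parse_local_cached_user(data))
        elif tag == "Kerberosv5":
            parsed.append(parse_kerberosv5(data, user_name))
        else:
            parsed.append(UnparsedAuthority(tag, data))
    if any(isinstance(p, LocalCachedUser) for p in parsed) and len(parsed) > 1:
        raise AuthAuthorityError(
            "LocalCachedUser cannot be combined with other authentication types")
    return parsed


def can_authenticate(values: List[str], user_name: str) -> bool:
    """Fail closed: an absent or malformed authority must fail authentication."""
    try:
        parse_record_authorities(values, user_name)
    except AuthAuthorityError:
        return False
    return True


# Constructed sample values (not taken from the page).
SAMPLE_LOCAL_CACHED = (";LocalCachedUser;/LDAPv3/ldap.example.com:kerbdude:"
                       "00000000-0000-0000-0000-000000000001")
SAMPLE_KERBEROS = ";Kerberosv5;;;LDAP.EXAMPLE.COM;"  # no UID, no principal, no key
```

The parser implements the four-field Kerberos layout exactly as stated in the text (`[UID];[user principal];realm;[realm public key]`); the longer example value printed above carries more `;`-delimited fields than that layout, so the constructed `SAMPLE_KERBEROS` follows the stated layout rather than re-parsing it.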
Open Directory Overview | 19