Hmm... What I'm trying to accomplish here is a configuration where users
authenticate to the ldap server with username/password (no kerberos
ticket) and their password is checked from kerberos. Is this possible
to do with the standard plugins? I've had a hard time trying to figure
out how to do this... =) The idea in this is that we'd like to have
a single service for authenticating users, even for services that do not
This isn't supported in the current code.
If it's not possible, I'll look into writing a plugin that
Sounds good. First you'd need to figure out how to perform a proxied
against kerberos. With the existing SASL/GSSAPI mechanism we don't need
that because we're simply passing through the authentication payload
and the client. Presumably you'd need to do whatever 'kinit' does, but
inside the DS.