- Novell eDirectory + LDAP.
- Kerberos Server.
- Shibboleth IDP with Kerberos Auth Plugin.
- Kerberos Client.
- Novell Client.
- Mozilla Firefox (tested browser).
How it works
- The user logs in to the PC using the Novell Client.
- Once the user is authenticated, the Kerberos client automatically logs in with the same username and password. Because the Kerberos server and eDirectory use the same LDAP database, the Kerberos client should be authenticated and receive a Kerberos ticket.
- When the user authenticates to the Shibboleth IDP, Firefox sends the Kerberos ticket to the Shibboleth IDP. The Shibboleth IDP contacts the Kerberos server to check whether the ticket is valid. If it is valid, the Shibboleth IDP allows the user to access the service.
- With this infrastructure, the current LDAP database should be extended to accept the Kerberos schema.
- The Kerberos server must be installed and must use LDAP as its database.
- Each Kerberos user principal should be mapped to the eDirectory user.
- Using Universal Password has the benefit of maintaining a single password entry.
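
A diagnostic for the step where Firefox sends the Kerberos ticket to the Shibboleth IDP, added here as an example and not part of the original page or of Shibboleth: it classifies the token in an `Authorization` header so you can tell a Kerberos/SPNEGO token from an NTLM one, which carries no ticket to validate. It assumes the ticket travels in an HTTP `Negotiate` header; `classify_negotiate` and `sample_header` are hypothetical names, and the sample tokens are constructed, not captured.

```python
import base64

# DER-encoded OID bodies for the two GSS-API mechanisms of interest.
SPNEGO_OID = bytes.fromhex("2b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("2a864886f712010202")  # 1.2.840.113554.1.2.2

def _der_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, next position)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_negotiate(header_value):
    """Classify the token carried by an Authorization header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
        if tok.startswith(b"NTLMSSP\x00"):
            return "ntlm"  # no Kerberos ticket inside; nothing for the IdP to verify
        if tok[0] != 0x60:  # GSS-API InitialContextToken tag
            return "unknown"
        _, pos = _der_len(tok, 1)
        if tok[pos] != 0x06:  # the mechanism OID must follow
            return "unknown"
        oid_len, pos = _der_len(tok, pos + 1)
        oid = tok[pos:pos + oid_len]
    except (ValueError, IndexError):
        return "malformed"
    return {SPNEGO_OID: "spnego", KRB5_OID: "kerberos"}.get(oid, "unknown")

def sample_header(mech_oid, payload=b"\xa0\x02\x30\x00"):
    """Build a constructed (not captured) header wrapping mech_oid."""
    body = b"\x06" + bytes([len(mech_oid)]) + mech_oid + payload
    return "Negotiate " + base64.b64encode(b"\x60" + bytes([len(body)]) + body).decode()

if __name__ == "__main__":
    ntlm = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
    for name, hdr in [("spnego", sample_header(SPNEGO_OID)),
                      ("krb5", sample_header(KRB5_OID)), ("ntlm", ntlm)]:
        print(name, "->", classify_negotiate(hdr))
```

An `ntlm` result on the IDP login request means the workstation never presented a Kerberos ticket, so the first thing to check is whether the Kerberos client actually obtained one at login.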