Coda File System

Coda authentification & LDAP

From: S. Cance <>
Date: Wed, 07 Mar 2007 19:19:41 +0100

I'm working on a network where every services use LDAP to authenticate 
That's why I am working on a LDAP based clog utility.

I'am trying to do things right, so that it can be used by others. I 
don't know if this is of any kind of interest to the Coda users.
Using LDAP is prety easy since we just have to bind to the LDAP server 
using a given username & password to check if we are authorised.

Still, the source code is quite complicated and I could use a hand on 
some of my questions :
    - are ACLs checker(s) only based on tokens, or do they make 
references to the user database ?
what I mean here is : do I have to create a new user in pdbtool for each 
of the users in the LDAP database ?
If I do, is it possible to check if a user exists in the server database 
without using any password ?
    - I see in U_BindToServer (line 325 of coda/coda-src/auth2/auser.c) 
a loop on each of the auth servers. while using LDAP there is only one 
LDAP server, do the tokens have to be registered to each servers or is 
it that the tokens are stored on the client and sent to the servers at 
each requests if needed ?
    - I am not sure where the token is generated, I don't really get the 
whole token system in fact, if it is generated by the client wouldn't 
that be a security issue ? So if it generated by the server, LDAP auth 
doesn't seems that easy :(

do you think it is usefull to create a whole new way to authenticate 
users, or should I create a tool to synchronize coda user database with 
the ldap ?

thanks a lot

Received on 2007-03-07 13:21:38