Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Grouper and AD

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Grouper and AD

Chronological Thread 
  • From: Chris Hyzer <>
  • To: THIA Jean-Marie <>, "" <>
  • Subject: RE: [grouper-users] Grouper and AD
  • Date: Fri, 13 Apr 2012 16:22:27 +0000
  • Accept-language: en-US

So is there a password in AD for each user and a password that Kerberos/radius uses for each user?  Or can a user/pass bind to AD happen where AD takes that user/pass and checks against Kerberos/radius so there is one password in the overall system?  We do this for openldap, but just curious if it is possible and someone has done this in AD… or do you standup an SSO password changer to use the SSO (Kerberos) password to be able to change one’s own AD password.





From: [mailto:] On Behalf Of THIA Jean-Marie
Sent: Friday, April 13, 2012 3:20 AM
Subject: RE: [grouper-users] Grouper and AD


Hi Chris,
For #1, it depends on your authN strategy. It might be helpful to consider AD as an LDAP directory that rely on Kerberos for the authentication mechanism.
So you can rely on Kerberos for SSO from your computer to your app our web app (works very well with IIS, SharePoint). Beside, you may also use CAS for web SSO as CAS can use SPNEGO / SSPI to get the Kerberos ticket (haven't  try that yet)
Hope that helped,
Jean Marie

Envoyé à partir de mon mobile

De : Rob Hebron
Envoyé : 12/04/2012 15:53
À :
Objet : Re: [grouper-users] Grouper and AD

On 12/04/12 14:40, Chris Hyzer wrote:
> Penn is planning to install and maintain a central Active Directory service.  A couple of questions:
> 1. Does anyone delegate the authentication to kerberos or radius?  How does that work?

For MIT kerberos these may be of interest:

There are many pitfalls, not least that may applications that claim to
support AuthN to AD do not support Kerberos.


Archive powered by MHonArc 2.6.16.

Top of Page