PDA

View Full Version : Need kerberos authentication ability


mattospork
05-11-2004, 05:46 PM
Or external LDAP authentication into vBulletin for it to work in our company environment. Can anyone tell me if this has been done (authentication against an external OSX LDAP or (preferably) OSX kerberos server)?

If not, can someone provide an estimate for the cost of getting this modification performed? I have attempted to post this request into the "services requested" forums, but as I have not yet bought the software I see that I cannot post to that forum.

thanks

mattospork
05-29-2004, 06:34 AM
2+ weeks, no reply. This is not what I was hoping for. Is there anyone out there interested in this feature?

Milorad
05-29-2004, 12:52 PM
Why the hell do you want to do this? why not just secure the server?

filburt1
05-29-2004, 06:11 PM
Why the hell do you want to do this? why not just secure the server?
Not everybody uses the exact same setup or has the exact same preferences as you. Be more courteous in the future.

mattospork
06-06-2004, 06:53 AM
Why the hell do you want to do this? why not just secure the server?

I appreciate the effort that you put into your response to my post. If you were familiar with external authentication in general, Radius, LDAP or Kerberos specifically, you would understand that these systems are not only about server security. My specific BB environment has nothing to do with the BB server security. In an enterprise environment, consolidation or usernames, group memberships, access to network services and especially passwords is a critical task of the IT dept. In a fully "kerberized" envirnoment, a user would log into the network one time (into the kerberos server) with one password and not need to enter their username or password again to access any of the other network services to which they had permissions. All of those transactions happen between the kerberos server and any of the servers or services that have been subscribed by the sys admn. This also allows the sys admin to manage the users in a single database. Big time savings.

Zachery
06-06-2004, 06:58 AM
I appreciate the effort that you put into your response to my post. If you were familiar with external authentication in general, Radius, LDAP or Kerberos specifically, you would understand that these systems are not only about server security. My specific BB environment has nothing to do with the BB server security. In an enterprise environment, consolidation or usernames, group memberships, access to network services and especially passwords is a critical task of the IT dept. In a fully "kerberized" envirnoment, a user would log into the network one time (into the kerberos server) with one password and not need to enter their username or password again to access any of the other network services to which they had permissions. All of those transactions happen between the kerberos server and any of the servers or services that have been subscribed by the sys admn. This also allows the sys admin to manage the users in a single database. Big time savings.
Mattospork, i know the devs are looking into this at some point for vB3, i cant say when or if it will ever bee released, and i belive they are looking at LDAP. however i dont and cant say much more. I do understand the want and need for single point administration

scooterfreaks
06-13-2004, 12:20 PM
I'm also interessted in this feature! Hope it will be released.

movielad
08-05-2004, 12:01 PM
I'd certainly be interested in something along these lines - we want to be able to reduce the amount of usernames and passwords our users have to remember and use on our network and some kind of external authentication would be marvellous.

Regards,

Martyn

KW802
08-10-2004, 11:27 PM
:( Well, there goes one idea I had for our intranet.

malcolmx
08-31-2004, 10:56 AM
yeah, some ldap integration would be really cool. we do have all accounts in our ldap servers, even active directory is syncronised with ldap. so holding userdata in mysql is not really a choice.. but we have to do it

-andy

vaughnagon
07-07-2005, 10:50 PM
While direct ldap or kerboros auth would be ideal, if the auth is cookie based and on the same base domain, can't another app verify your user's auth based on the presence and verification of your cookie? I'm thinking that if instead of sending your potential vbulletin user straight to the vbulletin home page, you send them to an intermediate page that mimics login.php's functionality. First, does the ldap or kerberos auth loop, then makes the same form submittal that login.php makes. The cookie gets written and your user is auth'd. Then, redirect to home page. You would have to alter and automate the account registration steps so that they would be in sync. An un-auth'd user would get a simple message that they need to contact the admin.

Is this possible?

zerofill
04-21-2006, 01:04 AM
Here too. We'd like to see an LDAP implementation to cut down on the amount of different usernames/passwords our users need to remember and/or change.

Mark Tomlinson
12-03-2007, 05:08 PM
I realize this thread is old. But I'm going to post this for the benefit of future customers looking for LDAP authentication.

I know of two LDAP extensions for vBulletin.
https://vborg.vbsupport.ru/showthread.php?p=1391299
https://vborg.vbsupport.ru/showthread.php?t=148573

I prefer the first one listed above, your experience may be different.

nexialys
12-03-2007, 06:43 PM
would be appropriate to have the "close threads after X days after last reply"... bumping these threads are completely useless, and more, may bring new visitors to think that there is nothing else to discuss here.. lol

msu2k
12-14-2007, 01:23 PM
Has there been any movement on this?