By hstsao on Jul 13, 2004
Active Directory (AD) offer LDAPV3 and use Kerberos to store the passwd.
Java_ES DS storae passwd inside the LDAP DIT tree and if you want to use Kerbeors to store passwd then one need to write a preop plugins to interact with KDC for authentication.
Many Usiversity use MIT Kerberos to store passwd, SUN EDU LOB did fund a project for Univ user to write a plugin to service this purpose.
There are many contributed to this project: Michael Gettes, Jeremy Rumpf duke Extension to krbdirp By Bob Carter
Many user prefer SUN come out with an official Plugins so one can use kerberos to store Passwd.
Original goal of funding this project is for SUN DS group to see the demand of this plugins and may come out with an official one.
In DS 5.2 there is a feature and demonstration How one can use SASL to interaction with kerberos services.
The problems are , in order to use this feature, all the clients need to be modified and need to know SASL.
This is exactly what cyrus project provide.
So even through there is a SASL interface in DS5.2, but not very practical, because very few clients can take advantage this feature.
We have ask the DS PM to add this feature but the answer is " no business case".
IMHO, if AD provide this feature, and MSFT service 90% of PC users, This is good enough Business case