Rpository is archived. Concider alternative opendj-kpa
This is an OpenDJ authentication policy plugin for users whose credentials are managed by an external Kerberos realm.
- Java sdk 1.6 or above
- Apache ANT
- OpenDJ installation
- build and install the extention
```$ ant -Dopends.install.dir=/path/to/opendj install```
- restart the server
```$ bin/stop-ds --restart```
- configure the pass-through for kerberos
```
$ bin/dsconfig -X create-password-policy \
--type kerberos-pass-through \
--policy-name "Krb5 Pass Through" \
--set krb5-realm:EXAMPLE.COM \
--set mapped-attribute:uid
```
- assign pass-through authentication to users
You assign authentication policies in the same way as you assign password
policies, by using the ***ds-pwp-password-policy-dn*** attribute:
```ds-pwp-password-policy-dn: cn=Krb5 Pass Through,cn=Password Policies,cn=config```
Users depending on pass through authentication no longer need a local password policy,
as they no longer authenticate locally.