Kerberos Backend for LDAP

Sam Hartman hartmans at MIT.EDU
Tue Apr 15 17:20:18 EDT 2003

>>>>> "Booker" == Booker Bense <bbense at SLAC.Stanford.EDU> writes:

    Booker> - There are quite a few people that think this kind of
    Booker> setup would be a good idea. It would help in a lot of
    Booker> areas in which kerberos is currently very weak or has
    Booker> missing standards.  Probably the biggest benefit would be
    Booker> a standardized admin interface and an incremental
    Booker> replication protocol. Although since LDAP lacks record
    Booker> locking, you'd have to be a bit careful.

I don't think you can get both from the same approach.  And I'm not
convinced that LDAP replication is really enough for Kerberos's needs.

More information about the Kerberos mailing list