Sun One Directory Server + Kerberos
Luke Howard
lukeh at PADL.COM
Tue Jun 17 09:21:02 EDT 2003
>Both of these simply take the credentials passed during LDAP
>authentication, and send them off to the KDC for verification.
>
>PADL's (http://padl.com) plugin, I believe, will do "true" kerberos
>authN, where a user with a pre-auth'd ticket can use those credentials
>to access information in the LDAP directory, without re-authN'ing.
That's correct -- our plugin does "true" Kerberos authentication,
using the GSS-API SASL mechanism. More information is at:
http://www.padl.com/Products/KerberosAuthenticationPlu.html
Of course, it turns out most people mean "validating a user's initial
credentials (aka. password) against Kerberos" when they speak of
"Kerberos authentication". While our plugin does also support this
(using PAM) there are alternatives such as those you mentioned.
regards,
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
More information about the Kerberos
mailing list