Sun One Directory Server + Kerberos

Luke Howard lukeh at PADL.COM
Tue Jun 17 09:21:02 EDT 2003

>Both of these simply take the credentials passed during LDAP 
>authentication, and send them off to the KDC for verification.
>PADL's ( plugin, I believe, will do "true" kerberos 
>authN, where a user with a pre-auth'd ticket can use those credentials 
>to access information in the LDAP directory, without re-authN'ing.

That's correct -- our plugin does "true" Kerberos authentication,
using the GSS-API SASL mechanism. More information is at:

Of course, it turns out most people mean "validating a user's initial
credentials (aka. password) against Kerberos" when they speak of
"Kerberos authentication". While our plugin does also support this
(using PAM) there are alternatives such as those you mentioned.


-- Luke

Luke Howard | PADL Software Pty Ltd |

More information about the Kerberos mailing list