Sun One Directory Server + Kerberos
lukeh at PADL.COM
Tue Jun 17 09:21:02 EDT 2003
>Both of these simply take the credentials passed during LDAP
>authentication, and send them off to the KDC for verification.
>PADL's (http://padl.com) plugin, I believe, will do "true" kerberos
>authN, where a user with a pre-auth'd ticket can use those credentials
>to access information in the LDAP directory, without re-authN'ing.
That's correct -- our plugin does "true" Kerberos authentication,
using the GSS-API SASL mechanism. More information is at:
Of course, it turns out most people mean "validating a user's initial
credentials (aka. password) against Kerberos" when they speak of
"Kerberos authentication". While our plugin does also support this
(using PAM) there are alternatives such as those you mentioned.
Luke Howard | PADL Software Pty Ltd | www.padl.com
More information about the Kerberos