kerberos programming and ldap

Brian Davidson bdavids1 at gmu.edu
Mon Apr 12 13:40:37 EDT 2004


On Apr 12, 2004, at 9:38 AM, melissa_benkyo wrote:

> hello!!! thanks for the response. I was hoping not to use SASL since
> this means that it is a third party software. I was planning on using
> the native protocols available to the OS such as the ldap and the
> kerberos. Do you know how to use the kerberos with ldap? so is it not
> possible now to use kerberos directly with ldap since this is a LDAP
> v3?
>
> thanks so much for the help. :)

Melissa,

For ease of deployment, and future-proofing what you are trying to do, 
I suspect you will find that SASL is actually a better route to go.  
Non-SASL kerberos authentication support in LDAP clients is rare -- I'm 
not aware of any clients that support it.  But, there are a lot of LDAP 
clients which do support kerberos authentication via SASL.

You could modify OpenLDAP to directly support kerberos (instead of via 
SASL), but why re-invent the wheel?  A nice standards-based way to do 
what you're trying to do already exists.  You could get cyrus-sasl, or 
something similar, up and running in less time than it would take you 
to develop a customized, non-standard ldap client, server and library.

Brian Davidson
George Mason University
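
Added example, not part of the original message: on the wire, the LDAPv2 bind (RFC 1777) had dedicated Kerberos v4 choices, while the LDAPv3 bind (RFC 4511) reserves those tags and offers only `simple` or `sasl`, so a Kerberos bind in v3 arrives as SASL with the mechanism name `GSSAPI`. The sketch below classifies a captured BindRequest accordingly; the function names and sample messages are constructed for illustration.

```python
# Added example; tags per RFC 4511 (LDAPv3) and RFC 1777 (LDAPv2). Samples are constructed.

def tlv(tag: int, value: bytes) -> bytes:   # BER tag-length-value, definite length
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf: bytes, pos: int):         # returns (tag, value, next_pos)
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                            # long-form length: next k bytes hold it
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def classify_bind(msg: bytes):
    """Return (version, method, sasl_mechanism) for an LDAP BindRequest."""
    tag, body, _ = read_tlv(msg, 0)         # LDAPMessage SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msgid, pos = read_tlv(body, 0)
    tag, bind, _ = read_tlv(body, pos)      # [APPLICATION 0] BindRequest
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(bind, 0)
    _, _name, pos = read_tlv(bind, pos)
    tag, auth, _ = read_tlv(bind, pos)      # AuthenticationChoice
    v = int.from_bytes(version, "big")
    if tag == 0x80:                         # simple [0]: password sent in the bind
        return v, "simple", None
    if tag in (0x81, 0x82):                 # krbv42LDAP [1] / krbv42DSA [2]: LDAPv2 only
        return v, "krbv4", None
    if tag == 0xA3:                         # sasl [3]: mechanism name, then credentials
        _, mech, _ = read_tlv(auth, 0)
        return v, "sasl", mech.decode("ascii")
    raise ValueError(f"unknown authentication choice 0x{tag:02x}")

def bind_request(msgid: int, version: int, name: bytes, auth: bytes) -> bytes:
    op = tlv(0x60, tlv(0x02, bytes([version])) + tlv(0x04, name) + auth)
    return tlv(0x30, tlv(0x02, bytes([msgid])) + op)

DN = b"cn=test,dc=example,dc=org"           # constructed sample values
GSSAPI = bind_request(1, 3, b"", tlv(0xA3, tlv(0x04, b"GSSAPI") + tlv(0x04, b"constructed-token")))
SIMPLE = bind_request(2, 3, DN, tlv(0x80, b"constructed-password"))
KRB4_V2 = bind_request(3, 2, DN, tlv(0x81, b"constructed-ticket"))
```

Run over bind traffic on a directory server, the same classification separates `simple` binds, which carry the password itself, from SASL/GSSAPI binds.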


