kerberos programming and ldap
Brian Davidson
bdavids1 at gmu.edu
Mon Apr 12 13:40:37 EDT 2004
On Apr 12, 2004, at 9:38 AM, melissa_benkyo wrote:
> hello!!! thanks for the response. I was hoping not to use SASL since
> this means that it is a third party software. I was planning on using
> the native protocols available to the OS such as the ldap and the
> kerberos. Do you know how to use the kerberos with ldap? so is it not
> possible now to use kerberos directly with ldap since this is a LDAP
> v3?
>
> thanks so much for the help. :)
Melissa,

For ease of deployment, and future-proofing what you are trying to do,
I suspect you will find that SASL is actually a better route to go.
Non-SASL kerberos authentication support in LDAP clients is rare -- I'm
not aware of any clients that support it. But, there are a lot of LDAP
clients which do support kerberos authentication via SASL.

You could modify OpenLDAP to directly support kerberos (instead of via
SASL), but why re-invent the wheel? A nice standards based way to do
what you're trying to do already exists. You could get cyrus-sasl, or
something similar, up and running in less time than it would take you
to develop a customized, non-standard ldap client, server and library.

Brian Davidson
George Mason University
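
Added example, not part of the original message and not OpenLDAP or cyrus-sasl code: on the wire, an LDAPv3 BindRequest (RFC 4511) offers only the authentication choices simple [0] and sasl [3], so Kerberos travels as the SASL mechanism "GSSAPI". The Python below encodes both kinds of bind and classifies a captured one, which is also how a monitor can tell a cleartext simple bind from a SASL bind. The function names are hypothetical, and the DN, password and token bytes are constructed sample values.

```python
# Added illustration: LDAPv3 BindRequest in BER (RFC 4511). Sample data is constructed.

def tlv(tag, value):
    """Encode one BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Decode the TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                      # long-form length
        count = n & 0x7F
        if count == 0:
            raise ValueError("indefinite length is not allowed in LDAP")
        n = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + n > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + n], pos + n

def bind_request(msg_id, dn, password=None, mechanism=None, token=b""):
    """Build an LDAPMessage holding a version-3 BindRequest (msg_id 0..127)."""
    if mechanism is None:
        auth = tlv(0x80, password.encode())    # simple [0]: password in the clear
    else:
        creds = tlv(0x04, mechanism.encode()) + tlv(0x04, token)
        auth = tlv(0xA3, creds)                # sasl [3]: mechanism + credentials
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + auth
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def classify_bind(message):
    """Return 'simple', 'sasl:<mechanism>' or 'reserved' for a BindRequest."""
    _, msg, _ = read_tlv(message)              # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg)                  # messageID
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:                            # [APPLICATION 0] = BindRequest
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(bind)                 # version
    _, _, pos = read_tlv(bind, pos)            # name (bind DN)
    choice, auth, _ = read_tlv(bind, pos)
    if choice == 0x80:
        return "simple"
    if choice == 0xA3:
        return "sasl:" + read_tlv(auth)[1].decode()
    return "reserved"                          # choices 1 and 2 are reserved in LDAPv3
```
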