Kerberos vs. LDAP for authentication -- any opinions?

Christian Nordmann poedi at orgatech.de
Thu Feb 12 15:10:44 EST 2004


Frank Cusack wrote:

> Ideally, you'd use real Kerberos authentication for your applications
> and just use LDAP for authorization.  That's a far superior method;
> see the Kerberos FAQ.

That's what i ended up with! I'm currently implementing that at work.
Authentication via Kerberkos and authorization via LDAP. Glued together 
with a half done PAM-Module (still in development and heavily depending 
on heimdal utilities reverse engineering).

> And SASL/GSSAPI has no bearing; if you're using GSSAPI you're using krb5
> (for authentication).

> /fc


More information about the Kerberos mailing list