Kerberos vs. LDAP for authentication -- any opinions?
Christian Nordmann
poedi at orgatech.de
Thu Feb 12 15:10:44 EST 2004
Frank Cusack wrote:
> Ideally, you'd use real Kerberos authentication for your applications
> and just use LDAP for authorization. That's a far superior method;
> see the Kerberos FAQ.
That's what i ended up with! I'm currently implementing that at work.
Authentication via Kerberkos and authorization via LDAP. Glued together
with a half done PAM-Module (still in development and heavily depending
on heimdal utilities reverse engineering).
> And SASL/GSSAPI has no bearing; if you're using GSSAPI you're using krb5
> (for authentication).
> /fc
More information about the Kerberos
mailing list