Kerberos vs. LDAP for authentication -- any opinions?
Jeffrey Altman
jaltman2 at nyc.rr.com
Wed Jan 28 11:19:29 EST 2004

LDAP is not an authentication infrastructure.

All you are doing with LDAP is providing a database of usernames
and passwords which is accessible over the network. Your users
must then transmit said usernames and passwords across the network
to a potentially compromised machine in order for them to be validated
against the copies stored in LDAP.

To me this approach is unacceptable.

cyberp70 at yahoo.com wrote:
> At the risk of starting a religious war....
>
> We currently use Kerberos for authentication for almost everything
> on our network. Some people here are advocating switching to using
> LDAP for authentication (we already have a pretty well developed LDAP
> infrastructure). This would of course require everyone to change
> their password as well as the trauma of recoding applications that
> currently use Kerberos and haven't been converted to using PAM.
>
> Anyone have any pointers to information about the relative merits
> of using Kerberos or LDAP for authentication in a large heterogeneous
> environment?
>
> Any info is, of course, greatly appreciated.
>
> - C
>
> --
> Email: cyberp70 at yahoo.com
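
Added example, not part of the original thread: a stdlib-only Python sketch contrasting what an application server gets to see when passwords are forwarded for validation against a directory versus a Kerberos-shaped ticket exchange. The toy `seal`/`unseal` cipher, the HMAC authenticator, the account and all function names are assumptions made for illustration; real Kerberos uses its own encryption types, timestamps and replay protection.

```python
import hashlib, hmac, json, os

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy encrypt-then-MAC, a stand-in for Kerberos encryption (illustration only).
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

USERS = {"alice": "correct horse"}   # constructed sample account (directory / KDC database)
SERVICE_KEY = os.urandom(32)         # long-term key known only to the KDC and the service

def password_forwarding_login(user, password):
    """The service receives the password itself and checks it against the directory."""
    seen_by_service = [user, password]
    return USERS.get(user) == password, seen_by_service

def ticket_login(user, password):
    """Kerberos-shaped flow: the typed password is only ever used on the client."""
    # KDC: one session key, sealed once for the user and once inside the ticket.
    session = os.urandom(32).hex()
    for_client = seal(kdf(USERS[user], user), {"session": session})
    ticket = seal(SERVICE_KEY, {"client": user, "session": session})
    # Client: recover the session key locally; a wrong password fails here.
    sk = unseal(kdf(password, user), for_client)["session"]
    auth = hmac.new(bytes.fromhex(sk), user.encode(), "sha256").hexdigest()
    seen_by_service = [ticket, auth]
    # Service: open the ticket with its own key and check the authenticator.
    t = unseal(SERVICE_KEY, ticket)
    good = hmac.new(bytes.fromhex(t["session"]), user.encode(), "sha256").hexdigest()
    return hmac.compare_digest(auth, good) and t["client"] == user, seen_by_service
```

In the first function the service holds a reusable credential after every login; in the second it holds only a ticket and an authenticator tied to one session key.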