Kerberos vs. LDAP for authentication -- any opinions?
Andreas
andreas at conectiva.com.br
Wed Jan 28 16:47:23 EST 2004
On Wed, Jan 28, 2004 at 04:35:55PM -0500, Kevin Coffman wrote:
> But it does require you to send your password (over SSL) to the LDAP server
> which then uses SASL/GSSAPI to verify the password? Isn't that how this
> works, or am I missing something?
No, you are talking about using something like {SASL}stuff in the userPassword
attribute, which is still a simple bind from the client's point of view.
> -----Original Message-----
> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
> Of Harry Le
> Sent: Wednesday, January 28, 2004 2:30 PM
> To: kerberos at mit.edu
> Subject: RE: Kerberos vs. LDAP for authentication -- any opinions?
>
>
> Not entirely true.
>
> Most LDAP servers now support the SASL/GSSAPI mechanism. It uses Kerberos
> V5 credentials to authenticate users against LDAP directories. This will
> not require users to change passwords. For data privacy, use SSL.
>
> Joseph
More information about the Kerberos
mailing list