Kerberos Digest, Vol 13, Issue 31

Henry B. Hotz hotz at jpl.nasa.gov
Sat Jan 31 04:30:55 EST 2004


Well, what we do here is have the LDAP server do a kinit against the 
central kerberos server for authentication.  Native kerberos is a lot 
more convenient for the users, but you can solve the security issues 
without it on a case-by-case basis.

I see no need for a religious war.

At 6:37 PM -0500 1/28/04, kerberos-request at mit.edu wrote:
>Date: 28 Jan 2004 07:32:46 -0800
>From: cyberp70 at yahoo.com
>To: kerberos at MIT.EDU
>Subject: Kerberos vs. LDAP for authentication -- any opinions?
>Message-ID: <366a42e3.0401280732.30484480 at posting.google.com>
>Precedence: list
>Message: 9
>
>At the risk of starting a religious war....
>
>We currently use Kerberos for authentication for almost everything
>on our network.  Some people here are advocating switching to using
>LDAP for authentication (we already have a pretty well developed LDAP
>infrastructure).  This would of course require everyone to change
>their password as well the trauma of recoding applications that
>currently use Kerberos and haven't been converted to using PAM.
>
>Anyone have any pointers to information about the relative merits
>of using Kerberos or LDAP for authentication in a large heterogeneous
>environment?
>
>Any info is, of course, greatly appreciated.
>
>- C
>
>--
>Email:  cyberp70 at yahoo.com


-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu


More information about the Kerberos mailing list