is that common to use kerberos authentication for SUN iplanet LDAP server?
Wachdorf, Daniel R
drwachd at sandia.gov
Thu Sep 1 11:38:19 EDT 2005
You can use Sun's Directory server with non Sun kdc, you just have to
have SEAM (Sun's Kerberos) setup on the director server (ie - it needs
the client libs). If you have an install on Solaris 9 or 10 I don't
even then you need to install anything - the Kerberos libs are already
there. (You will have to run the directory server on a Solaris box).
See http://docs.sun.com/source/817-7613/ssl.html
-dan
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Kent Wu
Sent: Wednesday, August 31, 2005 3:29 PM
To: kerberos at mit.edu
Subject: is that common to use kerberos authentication for SUN iplanet
LDAP server?
Hi guys,
Does anyone have experience on this to share?
I've set up a SUN LDAP server and it's running fine by
using simple authentication so far. Of course I want to
make it more secure (to protect the password while binding
to LDAP server) so I'm thinking either MD5-Digest or Kerberos.
However looks like SUN LDAP itself doesn't have kerberos
abilities and I have to install SEAM (Sun Enterprise Authentication
Mechanism) separately to enable Kerberos.....
So I was thinking that if I can easily configure SUN LDAP to
use MD5-digest then that should be the easiest however it seems
that I have to store the password as plain-text in LDAP
server to enable MD5-digest and I don't want to do that (Let
me know if there are other easier ways to enable MD5-digest).
So my question is that is it pretty easy to enable Kerberos
for SUN LDAP after installing SEAM? Or can SUN LDAP use other
KDC as well?
Thanks a lot in advance !
P.S, I know LDAPS (LDAP over SSL) can easily achieve my goal
however I kinda think it's an overkill since I don't really
need to protect all the LDAP transactions except for the
password part...
-Kent
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list