is that common to use kerberos authentication for SUN iplanet LDAP server?
Craig Huckabee
huck at spawar.navy.mil
Thu Sep 1 16:08:09 EDT 2005
Markus,
Two reasons:
1) We are working towards turning off non-SSL access to our Sun LDAP
servers.
2) We ran into problems when talking to AD using Perl-LDAP/SASL
without SSL. IIRC, we couldn't do a password change over a non-SSL port
- AD spit back an error. Doing everything over SSL cleared up the problems.
But, yes, in most cases we could just use one or the other.
--Craig
Markus Moeller wrote:
> Craig,
>
> you say you use SASL + SSL. As far as I know SASL/GSSAPI can do encryption
> too. What was the reason not to use SASL/GSSAPI with encryption. And example
> is AD, which can be accessed via SASL/GSSAPI with encryption.
>
> Thanks
> Markus
>
> "Craig Huckabee" <huck at spawar.navy.mil> wrote in message
> news:4316DEC8.5060809 at spawar.navy.mil...
>
>>Kent Wu wrote:
>>
>>> So my question is that is it pretty easy to enable Kerberos for SUN
>>>LDAP after installing SEAM? Or can SUN LDAP use other KDC as well?
>>
>> We use Sun's LDAP server with PADL's GSSAPI plugin - we built our copy
>>against MIT Kerberos 1.3.x and use MIT KDCs. I think the binary versions
>>they sold previously also use MIT Kerberos.
>>
>> We now have several processes that regularly use only GSSAPI/SASL over
>>SSL to authenticate and communicate with LDAP. Works very well.
>>
>>HTH,
>>Craig
>>
>>________________________________________________
>>Kerberos mailing list Kerberos at mit.edu
>>https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list