Is that common to use Kerberos authentication for SUN iPlanet LDAP server?

Craig Huckabee huck at spawar.navy.mil
Thu Sep 1 16:08:09 EDT 2005


Markus,

   Two reasons:

   1)  We are working towards turning off non-SSL access to our Sun LDAP 
servers.

   2)  We ran into problems when talking to AD using Perl-LDAP/SASL 
without SSL.  IIRC, we couldn't do a password change over a non-SSL port 
- AD spit back an error.  Doing everything over SSL cleared up the problems.

But, yes, in most cases we could just use one or the other.

--Craig


Markus Moeller wrote:

> Craig,
> 
> You say you use SASL + SSL. As far as I know SASL/GSSAPI can do encryption 
> too. What was the reason not to use SASL/GSSAPI with encryption? An example 
> is AD, which can be accessed via SASL/GSSAPI with encryption.
> 
> Thanks
> Markus
> 
> "Craig Huckabee" <huck at spawar.navy.mil> wrote in message 
> news:4316DEC8.5060809 at spawar.navy.mil...
> 
>>Kent Wu wrote:
>>
>>>   So my question is that is it pretty easy to enable Kerberos for SUN 
>>>LDAP after installing SEAM? Or can SUN LDAP use other KDC as well?
>>
>>  We use Sun's LDAP server with PADL's GSSAPI plugin - we built our copy 
>>against MIT Kerberos 1.3.x and use MIT KDCs.  I think the binary versions 
>>they sold previously also use MIT Kerberos.
>>
>>  We now have several processes that regularly use only GSSAPI/SASL over 
>>SSL to authenticate and communicate with LDAP.  Works very well.
>>
>>HTH,
>>Craig
>>
>>________________________________________________
>>Kerberos mailing list           Kerberos at mit.edu
>>https://mailman.mit.edu/mailman/listinfo/kerberos
>>



