is that common to use kerberos authentication for SUN iplanet LDAP server?

Kent Wu kwu at xsigo.com
Thu Sep 1 16:46:39 EDT 2005


Markus,

   I know SASL/GSSAPI can do encryption according to the document
however I tried a while back to enable the encryption against AD while
doing kerberos authentication in my C program but failed. Did you really
enable the encryption successfully in the program? If so then I must
have missing something then....

Thanks.

-Kent

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Markus Moeller
Sent: Thursday, September 01, 2005 12:24 PM
To: kerberos at mit.edu
Subject: Re: is that common to use kerberos authentication for SUN
iplanet LDAP server?

Craig,

you say you use SASL + SSL. As far as I know SASL/GSSAPI can do
encryption 
too. What was the reason not to use SASL/GSSAPI with encryption. And
example 
is AD, which can be accessed via SASL/GSSAPI with encryption.

Thanks
Markus

"Craig Huckabee" <huck at spawar.navy.mil> wrote in message 
news:4316DEC8.5060809 at spawar.navy.mil...
> Kent Wu wrote:
>>
>>    So my question is that is it pretty easy to enable Kerberos for
SUN 
>> LDAP after installing SEAM? Or can SUN LDAP use other KDC as well?
>
>   We use Sun's LDAP server with PADL's GSSAPI plugin - we built our
copy 
> against MIT Kerberos 1.3.x and use MIT KDCs.  I think the binary
versions 
> they sold previously also use MIT Kerberos.
>
>   We now have several processes that regularly use only GSSAPI/SASL
over 
> SSL to authenticate and communicate with LDAP.  Works very well.
>
> HTH,
> Craig
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 



________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos



More information about the Kerberos mailing list