is that common to use kerberos authentication for SUN iplanet LDAP server?

Markus Moeller huaraz at moeller.plus.com
Thu Sep 1 19:43:36 EDT 2005 

Kent,

I used for example ldapsearch on a standard SuSE SLES 9 system with heimdal
Kerberos, cyrus-sasl and openldap.
On another system I compiled myself MIT Kerberos, cyrus-sasl and openldap.
The capture of the ldapsearch was not readable text. Keep in mind you need 
the MS pac authorisation
information in your Kerberos ticket, which means you have to authenticate to
AD.

Regards
Markus

"Kent Wu" <kwu at xsigo.com> wrote in message 
news:1125607445.15193.0.camel at jurassic.mvcorp.xsigo.com...
> Markus,
>
>   I know SASL/GSSAPI can do encryption according to the document
> however I tried a while back to enable the encryption against AD while
> doing kerberos authentication in my C program but failed. Did you really
> enable the encryption successfully in the program? If so then I must
> have missing something then....
>
> Thanks.
>
> -Kent
>
> On Thu, 2005-09-01 at 20:24 +0100, Markus Moeller wrote:
>> Craig,
>>
>> you say you use SASL + SSL. As far as I know SASL/GSSAPI can do 
>> encryption
>> too. What was the reason not to use SASL/GSSAPI with encryption. And 
>> example
>> is AD, which can be accessed via SASL/GSSAPI with encryption.
>>
>> Thanks
>> Markus
>>
>> "Craig Huckabee" <huck at spawar.navy.mil> wrote in message
>> news:4316DEC8.5060809 at spawar.navy.mil...
>> > Kent Wu wrote:
>> >>
>> >>    So my question is that is it pretty easy to enable Kerberos for SUN
>> >> LDAP after installing SEAM? Or can SUN LDAP use other KDC as well?
>> >
>> >   We use Sun's LDAP server with PADL's GSSAPI plugin - we built our 
>> > copy
>> > against MIT Kerberos 1.3.x and use MIT KDCs.  I think the binary 
>> > versions
>> > they sold previously also use MIT Kerberos.
>> >
>> >   We now have several processes that regularly use only GSSAPI/SASL 
>> > over
>> > SSL to authenticate and communicate with LDAP.  Works very well.
>> >
>> > HTH,
>> > Craig
>> >
>> > ________________________________________________
>> > Kerberos mailing list           Kerberos at mit.edu
>> > https://mailman.mit.edu/mailman/listinfo/kerberos
>> >
>>
>>
>>
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
> -- 
> Kent Wu <kwu at xsigo.com>
> XSIGO INC.
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list