kerberos vs ldap

Danny Mayer mayer at ntp.isc.org
Sun Mar 30 21:56:27 EDT 2008


Donn Cave wrote:

>> LDAP has nothing whatsoever to do with authorization. It's a data 
>> storage and retrieval mechanism. If you choose to use it for 
>> authorization that's up to you.
> 
> Taken out of context, that's true, but conversations
> like this can be awfully tedious if we have to drag
> around explicit context.  Give us a break, OK?  How
> would you explain the relation between LDAP vs. Kerberos?

Not at all. I've done authentication with both LDAP and Kerberos. Each 
has different goals. LDAP is not an authorization protocol either though 
it can be used that way. You can also use database tables to do 
authorization. These are just different implementation strategies. I've 
used both. The choices that need to be made depend on both your goals 
and your architecture.

Danny

>    Donn Cave, donn at u.washington.edu



More information about the Kerberos mailing list