SASL/GSSAPI bind in LDAP plugin?

Sam Hartman hartmans at MIT.EDU
Thu Feb 23 21:37:50 EST 2006

>>>>> "greg" == greg  <greg at> writes:

    greg> I find it mystifying that anyone following this thread would conclude
    greg> this process is simplifying anything.

    greg> Identity (directory) stores and authentication stores are and should
    greg> be separate data repositories.  Combining the two is a wrong-headed
    greg> approach, IMHO.

For most environments I tend to agree with you.

I think that LDAP should be used as an admin protocol but not as a
database storage protocol.

The world, prompted by Microsoft's design choices, seems to disagree.


More information about the krbdev mailing list