need help with LDAP plug-in code and liblber dependency

Luke Howard lukeh at
Thu May 25 23:11:27 EDT 2006

>I'm a bit concerned that we managed to hard-code authentication types
>in places.  n particular the KDC and kadmind require ssl and for
>example cannot use sasl auth.  The client appears to require password
>auth and for example cannot use sasl or ssl certs.

Agreed, I wouldn't want to be forced to use SSL.

I would want to take advantage of ldapi:// (LDAP over IPC) and SASL
EXTERNAL if supported by the LDAP client library and directory

Even if I was using SSL I still might want to use SASL EXTERNAL.

I would not make password authentication an option unless it uses
DIGEST-MD5 or some other mechanism that is secure and supports
integrity/privacy on the underlying connection.

-- Luke


More information about the krbdev mailing list