need help with LDAP plug-in code and liblber dependency
psahukar at novell.com
Mon May 29 08:13:05 EDT 2006
>>> On Fri, May 26, 2006 at 8:41 AM, in message
<200605260311.k4Q3BSDx093252 at au.padl.com>, Luke Howard <lukeh at padl.com>
>>I'm a bit concerned that we managed to hard-code authentication
>>in places. In particular the KDC and kadmind require ssl and for
>>example cannot use sasl auth. The client appears to require
>>auth and for example cannot use sasl or ssl certs.
> Agreed, I wouldn't want to be forced to use SSL.
> I would want to take advantage of ldapi:// (LDAP over IPC) and SASL
> EXTERNAL if supported by the LDAP client library and directory
As of now, only ldaps:// (LDAP over SSL) is supported.
> Even if I was using SSL I still might want to use SASL EXTERNAL.
The SSL and SASL EXTERNAL combination is implemented and the same is
> I would not make password authentication an option unless it uses
> DIGEST-MD5 or some other mechanism that is secure and supports
> integrity/privacy on the underlying connection.
The password authentication uses ldap_simple_bind over ldaps://