LDAP is not an authentication infrastructure. All you are doing with LDAP is providing a database of usernames and passwords which is accessible over the network. Your users must then transmit said usernames and passwords across the network to a potentially compromised machine in order for them to be validated against the copies stored in LDAP.
To me this approach is unacceptable. [EMAIL PROTECTED] wrote: > At the risk of starting a religious war.... > > We currently use Kerberos for authentication for almost everything > on our network. Some people here are advocating switching to using > LDAP for authentication (we already have a pretty well developed LDAP > infrastructure). This would of course require everyone to change > their password as well the trauma of recoding applications that > currently use Kerberos and haven't been converted to using PAM. > > Anyone have any pointers to information about the relative merits > of using Kerberos or LDAP for authentication in a large heterogeneous > environment? > > Any info is, of course, greatly appreciated. > > - C > > -- > Email: [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos