Not entirely true. Most LDAP servers now support the SASL/GSSAPI mechanism. It uses Kerberos V5 credentials to authenticate users against LDAP directories. This will not require users to change passwords. For data privacy, use SSL.
Joseph

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Altman
Sent: Wednesday, January 28, 2004 11:19 AM
To: [EMAIL PROTECTED]
Subject: Re: Kerberos vs. LDAP for authentication -- any opinions?

LDAP is not an authentication infrastructure. All you are doing with LDAP is providing a database of usernames and passwords which is accessible over the network. Your users must then transmit said usernames and passwords across the network to a potentially compromised machine in order for them to be validated against the copies stored in LDAP.

To me this approach is unacceptable.

[EMAIL PROTECTED] wrote:

> At the risk of starting a religious war....
>
> We currently use Kerberos for authentication for almost everything
> on our network. Some people here are advocating switching to using
> LDAP for authentication (we already have a pretty well developed LDAP
> infrastructure). This would of course require everyone to change
> their password as well as the trauma of recoding applications that
> currently use Kerberos and haven't been converted to using PAM.
>
> Anyone have any pointers to information about the relative merits
> of using Kerberos or LDAP for authentication in a large heterogeneous
> environment?
>
> Any info is, of course, greatly appreciated.
>
> - C
>
> --
> Email: [EMAIL PROTECTED]

________________________________________________
Kerberos mailing list
[EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
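
An added example, not part of the original thread: a small audit script that separates the bind types discussed above (simple binds that send a password, with or without TLS, versus SASL/GSSAPI binds that use Kerberos credentials). The log lines are constructed and modelled on OpenLDAP slapd "stats" logging, which is an assumption, since the thread names no particular server; the function names are hypothetical.

```python
import re

# Constructed sample lines, modelled on OpenLDAP slapd "stats" logging (an assumption).
SAMPLE_LOG = '''\
conn=1001 fd=12 ACCEPT from IP=10.0.0.5:41000 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
conn=1002 fd=13 ACCEPT from IP=10.0.0.6:41001 (IP=0.0.0.0:636)
conn=1002 fd=13 TLS established tls_ssf=256 ssf=256
conn=1002 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
conn=1003 fd=14 ACCEPT from IP=10.0.0.7:41002 (IP=0.0.0.0:389)
conn=1003 op=0 BIND dn="" method=163
conn=1003 op=1 BIND dn="uid=carol,ou=people,dc=example,dc=com" mech=GSSAPI sasl_ssf=56 ssf=56
conn=1004 fd=15 ACCEPT from IP=10.0.0.8:41003 (IP=0.0.0.0:389)
conn=1004 op=0 BIND dn="" method=128
'''

CONN = re.compile(r"^conn=(\d+) ")
SIMPLE = re.compile(r'BIND dn="([^"]*)" method=128')   # 128 = simple bind
GSSAPI = re.compile(r'BIND dn="([^"]*)" mech=GSSAPI')  # completed SASL/GSSAPI bind

def classify_binds(log_text):
    """Return (conn, dn, kind) for every bind that authenticates a user."""
    tls_conns, findings = set(), []
    for line in log_text.splitlines():
        m = CONN.match(line)
        if not m:
            continue
        conn = int(m.group(1))
        if "TLS established" in line:
            tls_conns.add(conn)  # LDAPS or StartTLS completed before the bind
            continue
        simple, gss = SIMPLE.search(line), GSSAPI.search(line)
        if simple and simple.group(1):  # empty DN = anonymous, no password sent
            kind = "simple+tls" if conn in tls_conns else "simple-cleartext"
            findings.append((conn, simple.group(1), kind))
        elif gss:
            findings.append((conn, gss.group(1), "gssapi"))
    return findings

def cleartext_password_binds(log_text):
    """Binds where the password crossed the network unprotected."""
    return [f for f in classify_binds(log_text) if f[2] == "simple-cleartext"]

if __name__ == "__main__":
    for conn, dn, kind in classify_binds(SAMPLE_LOG):
        print(f"conn={conn} {kind:17} {dn}")
```

A "simple+tls" bind is protected in transit, but the LDAP server still receives the password itself; a "gssapi" bind sends no password at all.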