Frank Cusack wrote: > Ideally, you'd use real Kerberos authentication for your applications > and just use LDAP for authorization. That's a far superior method; > see the Kerberos FAQ.
That's what i ended up with! I'm currently implementing that at work. Authentication via Kerberkos and authorization via LDAP. Glued together with a half done PAM-Module (still in development and heavily depending on heimdal utilities reverse engineering). > And SASL/GSSAPI has no bearing; if you're using GSSAPI you're using krb5 > (for authentication). > /fc ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
