Re: Kerberos 5 Support for OpenLDAP-release
At 03:51 PM 9/22/99 -0400, Ben Collins wrote:
>On Wed, Sep 22, 1999 at 12:28:57PM -0700, Kurt D. Zeilenga wrote:
>> I have to agree with Booker here. The current Kerberos
>> support should be deprecated in favor of a well designed,
>> well implemented SASL solution. I do not think anything
>> else will ever obtain enough support to be widely deployed.
>> IETF LDAPext WG would surely object to any non-SASL
>> approaches to support KerberosV.
>>
>> I have already committed the basic SASL infrastructure,
>> I'd love to see:
>> DIGEST-MD5 method (self contained implementation)
>> Cyrus SASL integration (SASL plug in support)
>> SASL/StartTLS
>>
>> Kurt
>>
>
>If that's the case, then for the sake of clean code, I will start purging
>the old krb4 code from the devel branch and start working on integrating krb5
>via SASL.

deprecate != purge necessarily...

But considering that the krb4 code is broken and no one has stepped
forward to fix it...

As far as implementing Kerberos, I suggest reviewing Cyrus SASL's
supported mechanisms:
ANONYMOUS
CRAM-MD5
KERBEROS_V4
PLAIN
SCRAM-MD5 (deprecated)
GSSAPI (MIT Kerberos 5 or Heimdal Kerberos 5)
DIGEST-MD5 (no support for layers)
http://asg.web.cmu.edu/sasl/sasl-library.html