
RE: LDAP vs SQL




> 
> > faqs and various web pages but there are still a few things I don't
> > understand. As far as I know, none of our OS's (Linux, HP-UX, SCO)
> 
> Linux can directly support LDAP with the nss_ldap module. I believe HP are
> working on native libc support for LDAP in HP-UX. I don't know about SCO,
> although they are interested.
> 
> > server and rebuilds files (password, shadow, tcb, group,
> > aliases, hosts,
> 
> That's one option. We wrote some Java classes for doing this some time ago.
> I know of at least one organization doing this with Perl scripts.
> 

I was under the impression that 'openldap' supports authentication (via 
Kerberos) of the client to the server, but not vice-versa.  If you are going to 
use 'openldap' as a network information service (passwords, groups, etc.), you 
need the server to authenticate itself to the clients.  If it can't, your 
clients are vulnerable to an attacker spoofing the server.  Also, you'd probably 
want the communication between the client and the server to take place over a 
secure channel.

So does 'openldap' support SSL yet?

> 
> 
> -- Luke
> 

David S.
davids@bdgp.org