[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos 5 support

Matthew Palmer wrote:
> Is there any particular reason why Kerberos 5 support hasn't been
> implemented in OpenLDAP yet?  Or has it?  The manual page for ldap_bind that
> I have (OK, dated 22 September 1998 - they came with Debian 2.2) state that
> Kerberos 4 is the supported version.  Is that now incorrect as of latest
> versions?

With the help of Cyrus-SASL support for the GSSAPI SASL mechamism (Krb5)
is availalbe in OpenLDAP 2.0.x.
> Also, what is the status of Kerberos-based link encryption?  Obviously SSL
> is a possibility, but I understand that it requires the Netscape SDK, and
> Kerberos does have support for link encryption.  Are there any plans to
> incorporate this as an alternative, or is it already available?

OpenLDAP 2.0.x now also nativly supports SSL (ie. LDAPS and TLS). 
When using GSSAPI an encryption layer (DES, 56bit) is enabled by

Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de