[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Mapping userPassword to Kerberos 5



* Paul M Fleming (pfleming@siumed.edu) wrote:
> I'm not a user of the Debian packages (use custom Redhat rpms) -- but my
> two cents.

Thanks, I appriciate the thought.

> --enable-kpasswd is a viable option in some environments. We don't allow
> users to directly bind to LDAP BUT we have some commercial applications
> that don't understand Kerberos directly but DO understand LDAP + SSL/TLS
> for authentication. Technically, this isn't a truly "kerberos" solution
> but we've decided that single signon is more important -- in our case we
> can control which apps / networks the App -> LDAP -> Kerberos
> authentication takes place. It isn't a perfect solution - I'd love to
> have all my apps speak native kerberos or gssapi but that's just not
> reality when you're trying to integrate a heterogeneous multi
> application environment. 

What about using {SASL} instead of {KERBEROS}?  I'm wondering if that
works, I'd think it would..

	Stephen

Attachment: pgpP96TMysdM2.pgp
Description: PGP signature