[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Munging an OpenLDAP slapd server





--On Wednesday, January 25, 2006 3:56 PM -0700 Jon Roberts <jon@jonanddeb.net> wrote:


I think you could just use saslauthd to forward the password stuff to
the KDC, to get whether or not they can bind?

I have read about both approaches on this list before, but I've never seen a comparison of the advantages or disadvantages. From what I recall, Howard Chu refers to saslauthd as worthless even when configuring SASL. What is the essential difference between having slapd, saslauthd, and/or the client itself performing kerberos authentication?

I've never set it up, and from what I understand, it'll kill the performance of the server. The real problem here of course is applications requiring a password from the LDAP server rather than going straight to the KDC...


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html