[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kerberos support any more?

"Brian J. Murrell" <brian@interlinx.bc.ca> writes:

> I'm noticing this:
> http://www.openldap.org/lists/openldap-bugs/200701/msg00009.html and
> wonder what that really means for OpenLDAP and Kerberos.  Is there no
> longer any support in OpenLDAP for Kerberos?

No, the correct way of supporting Kerberos is by way of SASL, which
OpenLDAP continues to support.  Via SASL you can negotiate GSSAPI
authentication using Kerberos v5.

kbind was a non-SASL authentication mechanism that predated the much
better SASL support and is now obsolete.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>