[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Is Openldap a Authorization or Authentication system?



Hi Nick,

Thanks for the explanation. Does AAI mean Authentication Authorization Identity and SSO mean Single Sign On? 
As per your example of  OpenLDAP + Kerberos or Radius. is Openldap used for Authentication and Kerberos or Radius server for Authorization? Please clarify. 

Regards,

Kaushal

On Mon, 10 Aug 2015 at 17:37 Nick Milas <nick@eurobjects.com> wrote:
On 10/8/2015 2:16 μμ, Kaushal Shriyan wrote:

> I am not sure if i understand the difference between Authorization and
> Authentication. Does Openldap support both or it supports or
> configured as Authorization or Authentication server? I will
> appreciate if somebody can help me understand with some examples.
>
>

 From Wikipedia: "Authentication is the act of confirming the truth of
an attribute of a datum or entity. This might involve confirming the
identity of a person or software program, tracing the origins of an
artifact, or ensuring that a product is what its packaging and labeling
claims to be." That's how we know who an application talks to.

 From Wikipedia: "Authorization is the function of specifying access
rights to resources." After authentication we know the person, but we
still unsure whether it's supposed to access a given resource and hence
the need for authorization.

To get to know Openldap, read: http://www.openldap.org/doc/admin24/

Everything depends on what you are trying to do, your project needs.

An example for AAI services would be something like OpenLDAP + Kerberos
or Radius. Google for AAI / SSO systems.

Best regards,
Nick