Re: Password Program of LDAP, SASL, and Kerberos

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 05:00 AM 2002-01-07, Dr. Arul Veda Manickam wrote:

>Hi All,
>   when I want to  use LDAP+SASL+kerberos for Single Sign
>on solution, what are the significance of Password programs
>sush as,
>
>1) ldappasswd
>2) slappasswd
>3) saslpasswd
>4)kerberos passwd through kadmin module.

Well, if you truly are doing Kerberos V based single sign-on
(provide credentials once per session, access multiple
services without need for credentials again), then you
need to use Kerberos V to manage your credentials.  That's
a topic for a Kerberos V list.

If you are doing shared credentials (have same (single)
credentials for multiple services but must provide them
with each service access), then it depends on what service
is managing the credentials.

In your diagram, it appears you are using Kerberos V to
manage your credentials.  So you need to use Kerberos
management tools. That's a topic for a Kerberos V list.

>How can I use one single user and passwd to enable SSO in
>the follwing sequence?
>
>login -> PAM -> PAM/LDAP -> SSL/TLS -> SASL -> LDAP ->
>KerberosV

Why not:
        login -> PAM -> KerberosV

or (if you OS supports it):
        login -> KerberosV

Kurt