RE: OpenLDAP in Production

["Howard Chu" <hyc@highlandsun.com>]

> -----Original Message-----
> From: dreamwvr@dreamwvr.com [mailto:dreamwvr@dreamwvr.com]

> On Wed, Feb 26, 2003 at 06:43:47AM -0800, Howard Chu wrote:
> > Sounds like that book is very much out of date. It's a
> shame, Addison-Wesley contacted me a year or two ago about
> writing an OpenLDAP book and I didn't have time to pursue it.
> One of these days...
> That is a shame I would have liked to read that_book.
> Do you have opinions on
> McMillan Technology Series
> "LDAP Programming Directory Enabled Applications with
> Lightweight Directory Access Protocol"
> By Timothy A Howes, Ph.D
> Mark C. Smith

I haven't read it. Of course, these are the same folks who brought you the
LDAP specification in the first place, so I'm sure it won't steer you wrong.

> I find it so far a long haul. But the hardest trips are
> usually the most
> rewarding IMHO. I was hoping to use OpenLDAP w/kerberos and
> client certs
> authenticating user accounts. So once I understand what is
> already working
> then I can code whatever I need otherwise. (This is perfect IMO.)

Hmmm... In general, Kerberos and certificate-based authentication are
separate systems. You might be talking about Kerberos with the PK-Init
extension, but that is still only an Internet Draft, not a finalized spec.
For the most part, you use either Kerberos, or certificates, but not both at
once.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support