[fw-wiz] LDAP and Kerberos?

From: Christopher Hicks (chicks_at_chicks.net)
Date: 09/18/04

  • Next message: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?" 
    To: Firewall Wizards Mailing List <firewall-wizards@honor.icsalabs.com>
Date: Fri, 17 Sep 2004 19:18:06 -0400 (EDT)

    We've been having a discussion here recently about priorities for
    deploying LDAP authentication across a few Linux boxen and associated web
    applications spread from coast to coast. One of the folks involved is a
    fan of Kerberos and feels that in addition to the already-agreed-upon LDAP
    over SSL that we should have Kerberos handle the authentication to give
    single sign-on capabilities. This sounds nice in theory, but I'm wary to
    slow down moving to LDAP authentication. The web apps don't support
    Kerberos so we know we're going to authenticate those across LDAP.

    Does anyone have any experiences with doing LDAP and Kerberos together?

    Can anyone make a better case for why going with Kerberos is worth the
    trouble? 

    -- 
</chris>
There are two ways of constructing a software design. One way is to make 
it so simple that there are obviously no deficiencies. And the other way 
is to make it so complicated that there are no obvious deficiencies.
  -- C.A.R. Hoare
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?"

    Relevant Pages

    • Re: LDAP Authentication
      ... as it is designed to do LDAP authentication. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I need to authenticate him for his login, ...
      (microsoft.public.dotnet.security)
    • Re: cannot login after ldap setup
      ... > access since their log in shells will be ... > Connection to up closed by remote host. ... > What I don't understand is that even if ldap authentication is ...
      (comp.security.ssh)
    • RE: LDAP authentication with UPN - ISA 2006
      ... we can use the following format when using LDAP ... LDAP authentication with UPN - ISA 2006 ...
      (microsoft.public.isa)
    • Sendmail using LDAP authentication
      ... use LDAP authentication only. ... have a Linux account. ... The user of my Unix Account should not use LDAP for authentication. ... I want to know what I've to change which configuration file and what ...
      (comp.mail.sendmail)
    • Re: Authenticating LDAP connection with current windows users credentials?
      ... setup and theory behind an ldap ... The Kerberos only works with ADS right now but that is sufficient for your situation. ... when the user has logged in interactively and therefore has a valid Kerberos ticket cached in Windows logon credential cache. ... CallbackHandler callbackHandler = new KerbCallback; ...
      (comp.lang.java.programmer)