[fw-wiz] LDAP and Kerberos?

• Previous message: R. DuFresne: "Re: [fw-wiz] IPv6 redo;;"
• Next in thread: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Firewall Wizards Mailing List <firewall-wizards@honor.icsalabs.com>
Date: Fri, 17 Sep 2004 19:18:06 -0400 (EDT)

We've been having a discussion here recently about priorities for
deploying LDAP authentication across a few Linux boxen and associated web
applications spread from coast to coast. One of the folks involved is a
fan of Kerberos and feels that in addition to the already-agreed-upon LDAP
over SSL that we should have Kerberos handle the authentication to give
single sign-on capabilities. This sounds nice in theory, but I'm wary to
slow down moving to LDAP authentication. The web apps don't support
Kerberos so we know we're going to authenticate those across LDAP.

Does anyone have any experiences with doing LDAP and Kerberos together?

Can anyone make a better case for why going with Kerberos is worth the
trouble?

-- 
</chris>
There are two ways of constructing a software design. One way is to make 
it so simple that there are obviously no deficiencies. And the other way 
is to make it so complicated that there are no obvious deficiencies.
  -- C.A.R. Hoare
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: R. DuFresne: "Re: [fw-wiz] IPv6 redo;;"
• Next in thread: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] LDAP and Kerberos?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: LDAP Authentication ... as it is designed to do LDAP authentication. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I need to authenticate him for his login, ... (microsoft.public.dotnet.security) Re: cannot login after ldap setup ... > access since their log in shells will be ... > Connection to up closed by remote host. ... > What I don't understand is that even if ldap authentication is ... (comp.security.ssh) RE: LDAP authentication with UPN - ISA 2006 ... we can use the following format when using LDAP ... LDAP authentication with UPN - ISA 2006 ... (microsoft.public.isa) Sendmail using LDAP authentication ... use LDAP authentication only. ... have a Linux account. ... The user of my Unix Account should not use LDAP for authentication. ... I want to know what I've to change which configuration file and what ... (comp.mail.sendmail) Re: Authenticating LDAP connection with current windows users credentials? ... setup and theory behind an ldap ... The Kerberos only works with ADS right now but that is sufficient for your situation. ... when the user has logged in interactively and therefore has a valid Kerberos ticket cached in Windows logon credential cache. ... CallbackHandler callbackHandler = new KerbCallback; ... (comp.lang.java.programmer)