Re: UNIX Authentication
From: Joseph M Hoffman (hoffjose_at_us.ibm.com)
To: Michael Bartosh <email@example.com> Date: Sun, 1 Feb 2004 11:38:03 -0600
I disagree, Kerboros is vulnerabe to man-in-the-middle attacks. Check out
Tivoli's Access Manager which utilizes Web Seal. TAM is made for
and can be configured to fit all of your SSO needs , safely. TAM uses LDAP,
of course as a directory, but in all cases of SSO LDAP is used as part of
the Enterprise Security Solution for .
Joseph M. Hoffman,CISSP, CCSA,CCSE,NSWC,SBFCC,B.A.
I.B.M. Security & Privacy Services
The highest reward for man's toil is not what he gets for it, but what he
<firstname.lastname@example.org To: Philipp Schulte <email@example.com>,
01/31/2004 12:27 Subject: Re: UNIX Authentication
At 3:56 PM +0100 12/19/03, Philipp Schulte wrote:
>What about Kerberos? http://web.mit.edu/kerberos/www/
LDAP is not an authentication protocol. It's a protocol for accessing
directories- for identification. Kerb is a much better choice for
authentication- particularly considering its single sign-on features.
-- http://www.4am-media.com Mac OS X Consulting and Training Michael Bartosh firstname.lastname@example.org 303.517.0272 Denver, CO "The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently." - -- Nietzsche Think Different.