Re: UNIX Authentication

From: Joseph M Hoffman (hoffjose_at_us.ibm.com)
Date: 02/01/04

    To: Michael Bartosh <mbartosh@mac.com>
    Date: Sun, 1 Feb 2004 11:38:03 -0600
    
    

    I disagree, Kerberos is vulnerable to man-in-the-middle attacks. Check out
    Tivoli's Access Manager which utilizes WebSEAL. TAM is made for
    and can be configured to fit all of your SSO needs, safely. TAM uses LDAP,
    of course, as a directory, but in all cases of SSO LDAP is used as part of
    the Enterprise Security Solution for .

    Thanks,

    Joseph M. Hoffman, CISSP, CCSA, CCSE, NSWC, SBFCC, B.A.

     I.B.M. Security & Privacy Services

    office 816-228-3275
    mobile 816-721-3275

    The highest reward for man's toil is not what he gets for it, but what he
    becomes by it.
    John Ruskin

                                                                                                                                  
    Michael Bartosh <mbartosh@mac.com>
    01/31/2004 12:27 PM
    To: Philipp Schulte <pschulte@uni-duisburg.de>, focus-linux@securityfocus.com
    cc:
    Subject: Re: UNIX Authentication
                                                                                                                                  
                                                                                                                                  

    At 3:56 PM +0100 12/19/03, Philipp Schulte wrote:
    >What about Kerberos? http://web.mit.edu/kerberos/www/

    Exactly.

    LDAP is not an authentication protocol. It's a protocol for accessing
    directories- for identification. Kerb is a much better choice for
    authentication- particularly considering its single sign-on features.

    --
    http://www.4am-media.com
    Mac OS X Consulting and Training
    Michael Bartosh
    mbartosh@4am-media.com
    303.517.0272
    Denver, CO
    "The surest way to corrupt a youth is to instruct him to hold in higher
    regard those who think alike than those who think differently."
    -- Nietzsche
                                         Think Different.
    
