Re: UNIX Authentication
From: Michael Bartosh (mbartosh_at_mac.com)
Date: 02/01/04
- Previous message: Frédéric Médery: "exporting sudoers, good pratcice ?"
- In reply to: Joseph M Hoffman: "Re: UNIX Authentication"
Date: Sun, 1 Feb 2004 13:45:38 -0700
To: Joseph M Hoffman <hoffjose@us.ibm.com>
At 11:38 AM -0600 2/1/04, Joseph M Hoffman wrote:
>I disagree, Kerberos is vulnerable to man-in-the-middle attacks. Check out
>Tivoli's Access Manager which utilizes Web Seal. TAM is made for
>and can be configured to fit all of your SSO needs, safely. TAM uses LDAP,
>of course as a directory, but in all cases of SSO LDAP is used as part of
>the Enterprise Security Solution for .
Saying kerb is vulnerable to man-in-the-middle attacks is pretty
nebulous. For practical purposes, it's not; the KDC has to be
verified by the keytab file.
Vendor-specific (and probably expensive) solutions are not the
answer, especially coming from a representative of the company
hawking them.
LDAP was not designed for authentication. Shoehorning it into that
role isn't elegant.
--
http://www.4am-media.com
Mac OS X Consulting and Training
Michael Bartosh
mbartosh@4am-media.com
303.517.0272
Denver, CO

"The surest way to corrupt a youth is to instruct him to hold in higher
regard those who think alike than those who think differently."
-- Nietzsche

Think Different.
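
Added illustration, not part of the original message: in MIT Kerberos, whether a login fails closed when the host cannot check the KDC against its own keytab is controlled by `verify_ap_req_nofail` in the `[libdefaults]` section of krb5.conf. The script below audits that setting; the function names, verdict strings and sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: does this host verify the KDC with its keytab, and does it
# fail closed when it cannot? Reads krb5.conf only; changes nothing.

# Print the value of verify_ap_req_nofail from [libdefaults], or nothing.
get_verify_flag() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_sec && /^[ \t]*verify_ap_req_nofail[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, "")
            print tolower($0); exit
        }' "$1"
}

# audit_kdc_verification CONF KEYTAB -> prints one verdict:
#   enforced       keytab present, missing keytab would be a hard failure
#   fail-closed    flag set but no keytab: verification cannot succeed
#   opportunistic  keytab present, but the check is skipped if it disappears
#   unverified     no keytab and no flag: KDC replies are accepted unchecked
audit_kdc_verification() {
    conf=$1
    keytab=$2
    strict=no
    case "$(get_verify_flag "$conf")" in
        true|t|yes|y|on|1) strict=yes ;;
    esac
    if [ -s "$keytab" ]; then
        [ "$strict" = yes ] && echo "enforced" || echo "opportunistic"
    else
        [ "$strict" = yes ] && echo "fail-closed" || echo "unverified"
    fi
}

# Constructed sample input: a krb5.conf fragment and a dummy keytab file.
demo=$(mktemp -d)
printf '[libdefaults]\n  default_realm = EXAMPLE.COM\n  verify_ap_req_nofail = true\n' \
    > "$demo/krb5.conf"
printf 'dummy' > "$demo/krb5.keytab"
echo "with keytab:    $(audit_kdc_verification "$demo/krb5.conf" "$demo/krb5.keytab")"
echo "without keytab: $(audit_kdc_verification "$demo/krb5.conf" "$demo/missing")"
rm -rf "$demo"
```

The setting only affects programs that actually verify initial credentials (login and PAM modules, for example), and the keytab must hold a key for a service principal of that host.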