[19435] in Kerberos
Re: Sun One Directory Server + Kerberos
daemon@ATHENA.MIT.EDU (Luke Howard)
Tue Jun 17 09:20:45 2003
From: Luke Howard <lukeh@PADL.COM>
Message-Id: <200306171321.XAA32383@au.padl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
To: matt@forsetti.com
Date: Tue, 17 Jun 2003 23:21:02 +1000
cc: kerberos@mit.edu
Reply-To: lukeh@PADL.COM
Errors-To: kerberos-bounces@mit.edu
>Both of these simply take the credentials passed during LDAP
>authentication, and send them off to the KDC for verification.
>
>PADL's (http://padl.com) plugin, I believe, will do "true" kerberos
>authN, where a user with a pre-auth'd ticket can use those credentials
>to access information in the LDAP directory, without re-authN'ing.
That's correct -- our plugin does "true" Kerberos authentication,
using the GSS-API SASL mechanism. More information is at:
http://www.padl.com/Products/KerberosAuthenticationPlu.html
Of course, it turns out most people mean "validating a user's initial
credentials (aka. password) against Kerberos" when they speak of
"Kerberos authentication". While our plugin does also support this
(using PAM) there are alternatives such as those you mentioned.
regards,
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
