[24587] in Kerberos
Re: is that common to use kerberos authentication for SUN iplanet
daemon@ATHENA.MIT.EDU (Markus Moeller)
Thu Sep 1 19:44:05 2005
To: kerberos@mit.edu
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Fri, 2 Sep 2005 00:43:36 +0100
Message-ID: <df83jl$4tg$1@sea.gmane.org>
X-Complaints-To: usenet@sea.gmane.org
Errors-To: kerberos-bounces@mit.edu
Kent,
I used for example ldapsearch on a standard SuSE SLES 9 system with heimdal
Kerberos, cyrus-sasl and openldap.
On another system I compiled myself MIT Kerberos, cyrus-sasl and openldap.
The capture of the ldapsearch was not readable text. Keep in mind you need
the MS pac authorisation
information in your Kerberos ticket, which means you have to authenticate to
AD.
Regards
Markus
"Kent Wu" <kwu@xsigo.com> wrote in message
news:1125607445.15193.0.camel@jurassic.mvcorp.xsigo.com...
> Markus,
>
> I know SASL/GSSAPI can do encryption according to the document
> however I tried a while back to enable the encryption against AD while
> doing kerberos authentication in my C program but failed. Did you really
> enable the encryption successfully in the program? If so then I must
> have missing something then....
>
> Thanks.
>
> -Kent
>
> On Thu, 2005-09-01 at 20:24 +0100, Markus Moeller wrote:
>> Craig,
>>
>> you say you use SASL + SSL. As far as I know SASL/GSSAPI can do
>> encryption
>> too. What was the reason not to use SASL/GSSAPI with encryption. And
>> example
>> is AD, which can be accessed via SASL/GSSAPI with encryption.
>>
>> Thanks
>> Markus
>>
>> "Craig Huckabee" <huck@spawar.navy.mil> wrote in message
>> news:4316DEC8.5060809@spawar.navy.mil...
>> > Kent Wu wrote:
>> >>
>> >> So my question is that is it pretty easy to enable Kerberos for SUN
>> >> LDAP after installing SEAM? Or can SUN LDAP use other KDC as well?
>> >
>> > We use Sun's LDAP server with PADL's GSSAPI plugin - we built our
>> > copy
>> > against MIT Kerberos 1.3.x and use MIT KDCs. I think the binary
>> > versions
>> > they sold previously also use MIT Kerberos.
>> >
>> > We now have several processes that regularly use only GSSAPI/SASL
>> > over
>> > SSL to authenticate and communicate with LDAP. Works very well.
>> >
>> > HTH,
>> > Craig
>> >
>> > ________________________________________________
>> > Kerberos mailing list Kerberos@mit.edu
>> > https://mailman.mit.edu/mailman/listinfo/kerberos
>> >
>>
>>
>>
>> ________________________________________________
>> Kerberos mailing list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
> --
> Kent Wu <kwu@xsigo.com>
> XSIGO INC.
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos