[29600] in Kerberos
Re: kerberos vs ldap
daemon@ATHENA.MIT.EDU (Danny Mayer)
Sun Mar 30 21:57:39 2008
Message-ID: <47F044CB.2040702@ntp.isc.org>
Date: Sun, 30 Mar 2008 21:56:27 -0400
From: Danny Mayer <mayer@ntp.isc.org>
MIME-Version: 1.0
To: Donn Cave <donn@u.washington.edu>
In-Reply-To: <donn-1ED06D.09294028032008@gnus01.u.washington.edu>
Cc: kerberos@mit.edu
Reply-To: mayer@ntp.isc.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Donn Cave wrote:
>> LDAP has nothing whatsoever to do with authorization. It's a data
>> storage and retrieval mechanism. If you choose to use it for
>> authorization that's up to you.
>
> Taken out of context, that's true, but conversations
> like this can be awfully tedious if we have to drag
> around explicit context. Give us a break, OK? How
> would you explain the relation between LDAP vs. Kerberos?
Not at all. I've done authentication with both LDAP and Kerberos. Each
has different goals. LDAP is not an authorization protocol either though
it can be used that way. You can also use database tables to do
authorization. These are just different implementation strategies. I've
used both. The choices that need to be made depend on both your goals
and your architecture.
Danny
> Donn Cave, donn@u.washington.edu
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
