I'd be more concerned about malicious users inside your network being able to sniff that traffic and obtain usernames/passwords pretty easily.
Phil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: Friday, January 21, 2005 10:36 AM
To: [email protected]
Subject: RE: [ActiveDir] LDAP export pros/cons

In our case, it's a PeopleSoft portal that is using AD as the authentication provider via the LDAP bind. My logon IDs match in PeopleSoft and AD, so that's how PS correlates a successful AD bind to a PS user.

No argument that using LDAP as an authentication method isn't nearly as secure as Kerberos, but we sufficiently trust our in-house PeopleSoft folks to not get ulcers over the setup, along with some other technical and policy measures to reduce our risk exposure. There are other groups in our organization with whom we would not do something like this. Those groups probably don't trust us either :-)

Hunter

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
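
The sniffing concern raised in this thread, as an added example that is not part of either message: a Python check that parses an LDAP BindRequest (RFC 4511) and flags a password-bearing simple bind seen on a connection without TLS. It assumes the portal's "LDAP bind" is a simple bind; the function names, DN and sample bytes are constructed for illustration.

```python
# Added example: classify LDAP BindRequests by authentication choice (RFC 4511).
# The DN, password and PDUs are constructed samples, not captured traffic.

def _read_tlv(buf, pos, want=None):
    """Return (tag, value_start, value_end) of the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf) or (want is not None and tag != want):
        raise ValueError("truncated value or unexpected tag")
    return tag, pos, pos + length

def classify_bind(pdu):
    """Return 'simple', 'simple-empty', 'sasl', or None if not a BindRequest."""
    try:
        _, s, e = _read_tlv(pdu, 0, 0x30)      # LDAPMessage SEQUENCE
        msg = pdu[s:e]
        _, s, e = _read_tlv(msg, 0, 0x02)      # messageID
        _, s, e = _read_tlv(msg, e, 0x60)      # [APPLICATION 0] BindRequest
        req = msg[s:e]
        _, s, e = _read_tlv(req, 0, 0x02)      # version
        _, s, e = _read_tlv(req, e, 0x04)      # name (bind DN)
        tag, s, e = _read_tlv(req, e)          # authentication CHOICE
    except ValueError:
        return None
    if tag == 0x80:                            # [0] simple: password sent as-is
        return "simple" if e > s else "simple-empty"  # length only, value unread
    return "sasl" if tag == 0xA3 else None     # [3] SaslCredentials

def flag_cleartext_bind(pdu, tls_protected):
    """True when a simple bind carrying a password crosses an unencrypted link."""
    return classify_bind(pdu) == "simple" and not tls_protected

def _tlv(tag, value):                          # short-form BER length only
    return bytes([tag, len(value)]) + value

def sample_bind(auth):                         # constructed request, made-up DN
    req = _tlv(0x02, b"\x03") + _tlv(0x04, b"cn=ps-portal,dc=example,dc=com") + auth
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, req))

SIMPLE = sample_bind(_tlv(0x80, b"constructed-pw"))
SASL = sample_bind(_tlv(0xA3, _tlv(0x04, b"GSSAPI")))
```

A bind flagged here is a candidate for moving to LDAPS, StartTLS or a SASL mechanism.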
