>Both of these simply take the credentials passed during LDAP
>authentication, and send them off to the KDC for verification.
>
>PADL's (http://padl.com) plugin, I believe, will do "true" kerberos
>authN, where a user with a pre-auth'd ticket can use those credentials
>to access information in the LDAP directory, without re-authN'ing.

That's correct -- our plugin does "true" Kerberos authentication, using
the GSS-API SASL mechanism. More information is at:

http://www.padl.com/Products/KerberosAuthenticationPlu.html

Of course, it turns out most people mean "validating a user's initial
credentials (aka. password) against Kerberos" when they speak of
"Kerberos authentication". While our plugin does also support this
(using PAM) there are alternatives such as those you mentioned.

regards,

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
