Hi, I'm planning to create single-sign-on authentication and authorization in our network: Kerberos for authentication and LDAP for authorization. My problem is that only a few applications support the Kerberos protocol, unlike LDAP, and one person suggested that I should use Kerberos as much as possible and, for applications that can only authenticate through LDAP, use an LDAP server which supports Kerberos pass-through userPasswords. In this scenario, the duplication of userPassword has been eliminated, but the userid still has to reside in both the LDAP database and the Kerberos database. I've read that Heimdal supports placing the userid/password in an LDAP directory. Will it be safe to do so, or are there things here I still need to look into? If this is the case, does it mean that my whole LDAP directory will be encrypted too because of the way Kerberos stores user credentials?
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
