Michael B Allen <[EMAIL PROTECTED]> writes: > Russ Allbery <[EMAIL PROTECTED]> wrote:
>> It only does Kerberos authentication. If the passwords are stored as >> encrypted hashes in an LDAP directory server (which is what people >> normally mean when they talk about "LDAP authentication"), it doesn't >> help. > Actually I think mod_auth_ldap just uses ldap_bind functions to > "authenticate" so the passwords "stored as encrypted hashes" part still > confuses me a little. The typical LDAP server can usually authenticate users in several different ways, from GSSAPI via SASL to doing callouts behind the scenes to verify a provided password against Kerberos. Far and away the most common way of using an LDAP server to do authentication, however, is to store an MD5 or similar hash of the password in an attribute and then having the server compare hashes when the user tries to bind. I usually assume that method is what people are talking about when they say that they want to authenticate against LDAP, since people who have set up other things usually know to use more specific terminology. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
