Michael L Torrie wrote: > Grant Shipley wrote: >> We use Red Hat Directory Server here at Red Hat as the back end of our >> SSO implementation. Anytime you log in to redhat.com or RHN, you are >> binding via LDAP. > > Hmm. This is interesting considering that although everyone does this, > but it raises the point that LDAP really is an authorization solution, > not an authentication solution. Thus people often say "use LDAP" when > they really mean one should use kerberos, or something similar. I'm > betting RH is using SASL and kerberos on the back end; I certainly hope > my RHN credentials are not stored in LDAP! In the ideal world, there > should never be any password information whatsoever stored in LDAP.
Hmm, I'm missing something. Why not? The passwords stored in my LDAP database are encrypted, and I'm not using Kerberos; is there something wrong with that? Shane /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
