[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP and Kerberos

To: Assar Westerlund <assar@sics.se>
Subject: Re: LDAP and Kerberos
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>
Date: Thu, 27 Jul 2000 10:30:04 -0700
Cc: Heiko Muenkel <muenkel@tch.de>, heimdal-discuss@sics.se
In-Reply-To: <5l1z0fseyj.fsf@assaris.sics.se>
References: <Heiko Muenkel's message of "Thu, 27 Jul 2000 11:02:45 +0200 (MEST)"><14719.64181.703217.993001@master.tch.de>
Sender: owner-heimdal-discuss@sics.se

At 06:41 PM 7/27/00 +0200, Assar Westerlund wrote:
>> I think, that the Kerberos support in LDAP is only for secure
>> connections between a LDAP client and a LDAP server. Is that true?
>
>I believe there's support for using Kerberos under gss-api
>authentication in LDAP, and here Heimdal should be usable but this is
>not something that I've tried.  Maybe someone more in the know can
>fill us in?

Depends upon your implementation, of course.

OpenLDAP 1.x (and U-Mich LDAP 3.3) have support authentication using
Kerberos IV.

OpenLDAP 2.x (currently in beta) has supports SASL using the
Cyrus SASL implementation.  Cyrus SASL supports plugins for
GSSAPI which is compatible with Heimdal (in fact, this is what
I am currently using).

OpenLDAP 2.x SASL/EXTERNAL(TLS) support is under development is
based upon OpenSSL.  I am not sure if OpenSSL supports GSSAPI
authentication (RFC2712), but this would another method of
authenticating using your Kerberos V credentials once we complete
our implementation of SASL/EXTERNAL.

Kurt

Follow-Ups:
- Re: LDAP and Kerberos
  - From: Ken Hornstein <kenh@cmf.nrl.navy.mil>

References:
- LDAP and Kerberos
  - From: Heiko Muenkel <muenkel@tch.de>
- Re: LDAP and Kerberos
  - From: Assar Westerlund <assar@sics.se>

Prev by Date: Re: LDAP and Kerberos
Next by Date: Re: LDAP and Kerberos
Prev by thread: Re: LDAP and Kerberos
Next by thread: Re: LDAP and Kerberos
Index(es):
- Date
- Thread