[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: using ldap as heimdal backend
-----BEGIN PGP SIGNED MESSAGE-----
Lara Adianto írta:
| This is probably a basic question but well, I haven't
| got any satisfactory information on the net, so I post
| it anyway here.
| I read somewhere in the net that using ldap as the
| backend of heimdal might degrade the security feature
| of kerberos. Is this right ? If yes, then in which
| situation will we prefer to use ldap backend instead
| of the local dbase ?
| Using ldap as the heimdal's backend, how would the
| search be conducted through ldap ? With simple bind ?
| SASL mechanism ?
With proper access control lists defined in ldap configuration the risk
is minimal. The LDAP connection is realized over a UNIX domain socket,
so Heimdal and LDAP server must run on the same host.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----