Re: using ldap as heimdal backend



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lara Adianto wrote:
| Hi,
|
| This is probably a basic question but well, I haven't
| got any satisfactory information on the net, so I post
| it anyway here.
|
| I read somewhere in the net that using ldap as the
| backend of heimdal might degrade the security feature
| of kerberos. Is this right? If yes, then in which
| situation will we prefer to use ldap backend instead
| of the local dbase?
|
| Using ldap as the heimdal's backend, how would the
| search be conducted through ldap? With simple bind?
| SASL mechanism?
|
With proper access control lists defined in ldap configuration the risk
is minimal. The LDAP connection is realized over a UNIX domain socket,
so Heimdal and LDAP server must run on the same host.
Recommended reading:
http://www.padl.com/Research/Heimdal.html

Cheers,

Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAcq/H/PxuIn+i1pIRAj9SAJ48k8Cl2qlsV3ZTAzD9iHFPH+PWcgCgldEY
DTJpzqQ8Vde5yYzBCYMPf8I=
=XMTe
-----END PGP SIGNATURE-----