[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Kerberos/LDAP/SASL central authentication server howto
Quoting Love <lha@stacken.kth.se>:
>
> Tarjei Huse <tarjei@nu.no> writes:
>
> >> Can't I use SASL/GSSAPI instead of SSL to avoid the SSL cert
> >> management ?
> >
> > Nope, GSSAPI only secures the passwordexchange while tls/ssl secures the
> > whole transaction. So if you update another users password on a remote
> > server only uses GSSAPI, you'll end up authenticating securely but the
> > other users password will be transmitted in cleartext.
>
> This is not true, GSSAPI provides transport security if you want it
> too. Now, there are ldap servers allow what you describe, that is no reason
> to use them that way.
?? I didn't know , sorry. Please tell me more on how I can use GSSAPI instead of
tls to secure not only authentication but everything that happens over the
wire.
Tarjei
>
> Love
>
>
Mob: 920 63 413