[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Kerberos/LDAP/SASL central authentication server howto
Quoting Love <email@example.com>:
> Tarjei Huse <firstname.lastname@example.org> writes:
> >> Can't I use SASL/GSSAPI instead of SSL to avoid the SSL cert
> >> management ?
> > Nope, GSSAPI only secures the passwordexchange while tls/ssl secures the
> > whole transaction. So if you update another users password on a remote
> > server only uses GSSAPI, you'll end up authenticating securely but the
> > other users password will be transmitted in cleartext.
> This is not true, GSSAPI provides transport security if you want it
> too. Now, there are ldap servers allow what you describe, that is no reason
> to use them that way.
?? I didn't know , sorry. Please tell me more on how I can use GSSAPI instead of
tls to secure not only authentication but everything that happens over the
Mob: 920 63 413