[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Question on using ldap as password database for heimdal
- To: heimdal-discuss@sics.se
- Subject: Question on using ldap as password database for heimdal
- From: jay alvarez <kerber0sb0y@yahoo.com>
- Date: Wed, 13 Jul 2005 01:06:04 -0700 (PDT)
- DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=tn13Fkr7URGftO2ycADhFP4NMtlO1DwDiFVpT+4Hgvb9NK5e498oDZ+uBLiNYpR5hqCLYUp5xdHRPosC3C6a84vX6TRTWs72p5se9Yaq5qYBm/7L0ezEM1Au5I5/qT6GNDuvJLYZVoT9IODJI6oFNkCQ7vGZo+3hjuK2UlpNhCA= ;
- In-Reply-To: <20050713060624.20777.qmail@web32407.mail.mud.yahoo.com>
- Sender: owner-heimdal-discuss@sics.se
Hi,
I'm planning to create a single-sign-on
authentication and authorization in our network.
Kerberos for authentication and ldap for
authorization. My problem is that, only few
application supports the kerberos protocol unlike
the
ldap, and one suggest that I should use kerberos as
much as possible and for applications that can only
authenticate through ldap, use an ldap server which
supports kerberos pass-thru userPasswords. In this
scenario, the duplication of userPassword has been
eliminated but userid still has to reside on both
ldap
database and the kerberos database. I've read that
heimdal supports placing userid/password in an ldap
directory. Will it be safe to do so, or are there
things here I still need to look into? If this is
the
case, does it mean that my whole ldap directory will
be encrypted too because of the way kerberos stores
user credentials?
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs