Normally, it is not allowed client user to modify password, but LDAP server login admin user will be able to do it. Actually, LDAP server is an authentication service provider.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Le Sent: Wednesday, January 28, 2004 2:30 PM To: [EMAIL PROTECTED] Subject: RE: Kerberos vs. LDAP for authentication -- any opinions? Not entirely true. Most LDAP servers now support the SASL/GSSAPI mechanism. It uses Kerberos V5 credentials to authenticate users against LDAP directories. This will not require users to change passwords. For data privacy, use SSL. Joseph -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Altman Sent: Wednesday, January 28, 2004 11:19 AM To: [EMAIL PROTECTED] Subject: Re: Kerberos vs. LDAP for authentication -- any opinions? LDAP is not an authentication infrastructure. All you are doing with LDAP is providing a database of usernames and passwords which is accessible over the network. Your users must then transmit said usernames and passwords across the network to a potentially compromised machine in order for them to be validated against the copies stored in LDAP. To me this approach is unacceptable. [EMAIL PROTECTED] wrote: > At the risk of starting a religious war.... > > We currently use Kerberos for authentication for almost everything on > our network. Some people here are advocating switching to using LDAP > for authentication (we already have a pretty well developed LDAP > infrastructure). This would of course require everyone to change > their password as well the trauma of recoding applications that > currently use Kerberos and haven't been converted to using PAM. > > Anyone have any pointers to information about the relative merits of > using Kerberos or LDAP for authentication in a large heterogeneous > environment? > > Any info is, of course, greatly appreciated. > > - C > > -- > Email: [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
