On Wed, Jan 28, 2004 at 04:35:55PM -0500, Kevin Coffman wrote:
> But it does require you to send your password (over SSL) to the LDAP server
> which then uses SASL/GSSAPI to verify the password? Isn't that how this
> works, or am I missing something?
No, you are talking about using something like {SASL}stuff in the userPassword
attribute, which is still a simple bind from the client's point of view.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Harry Le
> Sent: Wednesday, January 28, 2004 2:30 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Kerberos vs. LDAP for authentication -- any opinions?
>
>
> Not entirely true.
>
> Most LDAP servers now support the SASL/GSSAPI mechanism. It uses Kerberos
> V5 credentials to authenticate users against LDAP directories. This will
> not require users to change passwords. For data privacy, use SSL.
>
> Joseph
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
