
Re: LDAP and Kerberos



At 06:41 PM 7/27/00 +0200, Assar Westerlund wrote:
>> I think that the Kerberos support in LDAP is only for secure
>> connections between an LDAP client and an LDAP server. Is that true?
>
>I believe there's support for using Kerberos under gss-api
>authentication in LDAP, and here Heimdal should be usable but this is
>not something that I've tried.  Maybe someone more in the know can
>fill us in?

Depends upon your implementation, of course.

OpenLDAP 1.x (and U-Mich LDAP 3.3) have support for authentication using
Kerberos IV.

OpenLDAP 2.x (currently in beta) supports SASL using the
Cyrus SASL implementation.  Cyrus SASL supports plugins for
GSSAPI which is compatible with Heimdal (in fact, this is what
I am currently using).

OpenLDAP 2.x SASL/EXTERNAL(TLS) support is under development and is
based upon OpenSSL.  I am not sure if OpenSSL supports GSSAPI
authentication (RFC2712), but this would be another method of
authenticating using your Kerberos V credentials once we complete
our implementation of SASL/EXTERNAL.

Kurt