
Re: Kerberos/LDAP/SASL central authentication server howto



Quoting Love <lha@stacken.kth.se>:

> 
> Tarjei Huse <tarjei@nu.no> writes:
> 
> >> Can't I use SASL/GSSAPI instead of SSL to avoid the SSL cert
> >> management ?
> >
> > Nope, GSSAPI only secures the password exchange while tls/ssl secures the
> > whole transaction. So if you update another user's password on a remote
> > server only uses GSSAPI, you'll end up authenticating securely but the
> > other user's password will be transmitted in cleartext.
> 
> This is not true, GSSAPI provides transport security if you want it
> too. Now, there are ldap servers that allow what you describe, that is no reason
> to use them that way.

?? I didn't know, sorry. Please tell me more on how I can use GSSAPI instead of
tls to secure not only authentication but everything that happens over the
wire.

Tarjei

> 
> Love
> 
> 


Mob: 920 63 413
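
The transport security discussed in this thread is negotiated at the end of the SASL GSSAPI exchange (RFC 4752): the server offers a bitmask of security layers and the client picks one. The sketch below is an added example, not part of the original message; the function names are illustrative, and the tokens are shown as plaintext, whereas on the wire they pass through GSS_Wrap/GSS_Unwrap.

```python
# Added example: SASL GSSAPI security-layer negotiation (RFC 4752, section 3.1).
# Function names are hypothetical; sample tokens below are constructed.

LAYER_NONE = 0x01             # authentication only, later traffic unprotected
LAYER_INTEGRITY = 0x02        # later traffic is integrity-protected
LAYER_CONFIDENTIALITY = 0x04  # later traffic is encrypted and integrity-protected
KNOWN_LAYERS = LAYER_NONE | LAYER_INTEGRITY | LAYER_CONFIDENTIALITY


def parse_server_offer(token: bytes) -> tuple[int, int]:
    """Return (offered layer bitmask, server max buffer) from the 4-octet token."""
    if len(token) != 4:
        raise ValueError("server offer must be exactly 4 octets")
    offered = token[0] & KNOWN_LAYERS          # unknown bits are negotiated off
    max_buf = int.from_bytes(token[1:4], "big")
    if offered == 0:
        raise ValueError("server offered no usable security layer")
    if offered == LAYER_NONE and max_buf != 0:
        raise ValueError("max buffer must be 0 when no layer is supported")
    return offered, max_buf


def choose_layer(token, minimum=LAYER_CONFIDENTIALITY, client_max_buf=65536, authzid=""):
    """Build the client reply, refusing anything weaker than `minimum`."""
    offered, _server_max = parse_server_offer(token)
    # Bit values are ordered by strength, so take the highest offered bit.
    layers = (LAYER_NONE, LAYER_INTEGRITY, LAYER_CONFIDENTIALITY)
    chosen = max(bit for bit in layers if offered & bit)
    if chosen < minimum:
        raise PermissionError("server does not offer the required security layer")
    if chosen == LAYER_NONE:
        client_max_buf = 0                     # no buffer is used without a layer
    return bytes([chosen]) + client_max_buf.to_bytes(3, "big") + authzid.encode("utf-8")


if __name__ == "__main__":
    # Constructed sample offers, not captured traffic.
    full_offer = bytes([0x07]) + (65536).to_bytes(3, "big")
    auth_only_offer = bytes([0x01, 0x00, 0x00, 0x00])
    print("reply to full offer:", choose_layer(full_offer).hex())
    try:
        choose_layer(auth_only_offer)
    except PermissionError as exc:
        print("auth-only server rejected:", exc)
```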