Hi, I'd like to know why the {KERBEROS} support in simple bind is deprecated in OpenLDAP? Is it because of the security concerns (Kerberos password travelling over the wire and may travel in the clear) or is it for some other reason?
Thanks, John.
At 04:23 AM 11/3/2006, john d wrote:
Hi, I'd like to know why the {KERBEROS} support in simple bind is deprecated in OpenLDAP?
I believe there were numerous reasons. Architecturally, it simply makes sense to move the external password store access function outside of slapd(8) proper and into a small, standalone daemon, like saslauthd(8). With {SASL}, we have this.
-- Kurt
Hi, so my understanding is that with {SASL}, users can bind to the LDAP server through simple bind (not SASL bind) by providing the password, which will be validated by "saslauthd". Is this correct? How does the communication between slapd and saslauthd happen? Is it through IPC?
Thanks, John.
--- "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:
At 04:23 AM 11/3/2006, john d wrote:
Hi, I'd like to know why the {KERBEROS} support in simple bind is deprecated in OpenLDAP?
I believe there were numerous reasons. Architecturally, it simply makes sense to move the external password store access function outside of slapd(8) proper and into a small, standalone daemon, like saslauthd(8). With {SASL}, we have this.
-- Kurt
openldap-software@openldap.org
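
The slapd-to-saslauthd exchange asked about above, shown as an added example that is not part of the original thread or of either project's code: a client frames the credentials as counted strings and writes them to saslauthd's Unix-domain socket, then reads a counted reply beginning with OK or NO. The service name "ldap", the sample account and the in-process stand-in daemon are assumptions made so the sketch runs offline.

```python
import socket
import struct
import threading

def pack_field(value: bytes) -> bytes:
    """One counted string: 2-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(value)) + value

def build_request(user, password, service="ldap", realm=""):
    # Field order sent to saslauthd: user, password, service, realm.
    # The password is in clear text here, so the socket's directory
    # permissions (and TLS on the LDAP simple bind) are what protect it.
    fields = (user, password, service, realm)
    return b"".join(pack_field(f.encode()) for f in fields)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before the full field arrived")
        buf += chunk
    return buf

def read_field(sock):
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)

def check_password(sock, user, password, service="ldap", realm=""):
    """Send one request and return True only on a reply starting with OK."""
    sock.sendall(build_request(user, password, service, realm))
    return read_field(sock).startswith(b"OK")

def fake_saslauthd(sock, accounts):
    # Constructed stand-in for the daemon; a real saslauthd would hand the
    # credentials to its configured backend (for example Kerberos).
    user, password, _service, _realm = [read_field(sock) for _ in range(4)]
    ok = accounts.get(user.decode()) == password.decode()
    sock.sendall(pack_field(b"OK" if ok else b"NO"))

def demo(user, password):
    """Run one exchange over a local socket pair (constructed sample account)."""
    client, server = socket.socketpair()
    accounts = {"john": "correct-horse"}  # constructed test data
    daemon = threading.Thread(target=fake_saslauthd, args=(server, accounts))
    daemon.start()
    try:
        return check_password(client, user, password)
    finally:
        daemon.join()
        client.close()
        server.close()
```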