[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Authentication Methods for LDAP - last call
> The only reason for one mandatory algorithm across LDAP servers and
> clients is because the client must connect to many servers
Wrong! It is so that any client can connect to any server and know that
they will be able to negotiate something better than just passing passwords
in the clear.
> - and have its entry replicated in every server to which it connects -
> AS said - an unscaleable and broken concept in distributed directory systems.
The issue has *nothing* to do with replication. Replication is server to
server. And if the market feels that interoperation with certificates is
important, I am sure that there will be standard options to permit it.
But they should not be mandatory for all implementations.
I am happy you are trying to sell X.500 servers. I'm wish you luck in
trying to build your global scalable infrastructure for certificates,
but I don't care. I want something LIGHTWEIGHT (the L in LDAP) and easy
to install, administer, and use, that does not require large amounts of
resources for my local network. I don't want to advertise my printers,
hosts, or users to the global Internet, but I do want to have them in
my local directory.
The IETF says that I should not use passwords in the clear, so I won't,
but I will *not* install Kerberos or a Certificate Authority, just so
I can track my HP laser printer. And I don't care about replication -
I will only have one server.