[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication & Login sessions

To: davidn@austel.net
Subject: Re: Authentication & Login sessions
From: Luke Howard <lukeh@PADL.COM>
Date: Sun, 9 Jul 2000 17:10:27 +1000
Cc: openldap-devel@OpenLDAP.org
Organization: PADL Software Pty Ltd
Versions: dmail (bsd44) 2.2g/makemail 2.9a

>The problem can be solved using AF_UNIX type sockets instead of network
>transport, which solves a lot of issues so far as credentials go. This

As Howard mentioned, we added support for this to OpenLDAP some time
ago.

>(understandably) does not support authenticated access, it too is not a
>suitable mechanism. The only option I can think of is to use kerberos, but
>before requiring kerberos as part of this equation I thought I'd ask to
>see if anyone has done any development along these lines, or perhaps
>someone has other helpful comments.

What about something like ssh-agent on the client that keeps some
credentials around? IIRC HP were doing something like this with their
pam_ldap module.


-- Luke

--
Luke Howard | Darwin Developer | PADL Software Pty Ltd
www.padl.com | lukeh@darwin.apple.com | lukeh@padl.com

Prev by Date: Re: no values returned from ldap_get_values()
Next by Date: RE: Authentication & Login sessions
Index(es):
- Chronological
- Thread